{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"libraw","version":"0.20.2-2.1+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.21.4-1","latest_non_vulnerable_version":"0.22.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350487?format=json","vulnerability_id":"VCID-16gd-uc62-9ufj","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24450.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24450.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24450","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14819","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16511","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16444","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1798","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17981","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17942","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24450"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845","reference_id":"1133845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455925","reference_id":"2455925","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11360","reference_id":"RHSA-2026:11360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13854","reference_id":"RHSA-2026:13854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13870","reference_id":"RHSA-2026:13870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13870"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363","reference_id":"TALOS-2026-2363","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:47Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-24450"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16gd-uc62-9ufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350458?format=json","vulnerability_id":"VCID-6xx8-17hs-dycx","summary":"A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20889.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20889.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20889","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14819","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16511","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16444","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1798","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17981","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17942","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20889"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845","reference_id":"1133845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455942","reference_id":"2455942","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13284","reference_id":"RHSA-2026:13284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14224","reference_id":"RHSA-2026:14224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14655","reference_id":"RHSA-2026:14655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14673","reference_id":"RHSA-2026:14673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14673"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358","reference_id":"TALOS-2026-2358","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:39:11Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-20889"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xx8-17hs-dycx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267678?format=json","vulnerability_id":"VCID-7fkh-bs2q-3kh9","summary":"LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5318.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5318","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02671","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0388","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04979","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07123","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07051","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07068","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07133","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07141","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07154","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07114","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07155","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0715","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07181","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12745","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12717","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12715","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12646","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12512","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5318"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/releases/tag/0.22.1","reference_id":"0.22.1","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://github.com/LibRaw/LibRaw/releases/tag/0.22.1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132655","reference_id":"1132655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454185","reference_id":"2454185","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454185"},{"reference_url":"https://vuldb.com/vuln/354650","reference_id":"354650","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://vuldb.com/vuln/354650"},{"reference_url":"https://vuldb.com/submit/780538","reference_id":"780538","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://vuldb.com/submit/780538"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/794","reference_id":"794","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://github.com/LibRaw/LibRaw/issues/794"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/794#issuecomment-4065342499","reference_id":"794#issuecomment-4065342499","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://github.com/LibRaw/LibRaw/issues/794#issuecomment-4065342499"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995","reference_id":"a6734e867b19d75367c05f872ac26322464e3995","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/354650/cti","reference_id":"cti","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://vuldb.com/vuln/354650/cti"},{"reference_url":"https://github.com/LibRaw/LibRaw/","reference_id":"LibRaw","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://github.com/LibRaw/LibRaw/"},{"reference_url":"https://github.com/biniamf/pocs/tree/main/libraw_lljpeg","reference_id":"libraw_lljpeg","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:48:49Z/"}],"url":"https://github.com/biniamf/pocs/tree/main/libraw_lljpeg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-5318"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fkh-bs2q-3kh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350488?format=json","vulnerability_id":"VCID-fcxc-babh-jkdy","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24660.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24660","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14819","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16511","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16444","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1798","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17981","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17942","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24660"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845","reference_id":"1133845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455926","reference_id":"2455926","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13284","reference_id":"RHSA-2026:13284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15924","reference_id":"RHSA-2026:15924","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15925","reference_id":"RHSA-2026:15925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15926","reference_id":"RHSA-2026:15926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15926"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359","reference_id":"TALOS-2026-2359","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:48Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-24660"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fcxc-babh-jkdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350446?format=json","vulnerability_id":"VCID-fhgt-mdjx-3bap","summary":"A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21413.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21413.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21413","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14819","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16511","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16444","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1798","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17981","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17942","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21413"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845","reference_id":"1133845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455929","reference_id":"2455929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11360","reference_id":"RHSA-2026:11360","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13284","reference_id":"RHSA-2026:13284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13854","reference_id":"RHSA-2026:13854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13860","reference_id":"RHSA-2026:13860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13868","reference_id":"RHSA-2026:13868","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13870","reference_id":"RHSA-2026:13870","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13870"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14224","reference_id":"RHSA-2026:14224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14224"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14655","reference_id":"RHSA-2026:14655","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14673","reference_id":"RHSA-2026:14673","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14673"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331","reference_id":"TALOS-2026-2331","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:38:23Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-21413"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhgt-mdjx-3bap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350486?format=json","vulnerability_id":"VCID-j71m-zp3s-jfhr","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20884.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20884.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20884","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14819","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16511","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16444","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1798","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17981","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17942","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20884"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20884","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20884"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845","reference_id":"1133845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455934","reference_id":"2455934","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455934"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364","reference_id":"TALOS-2026-2364","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-08T03:55:46Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-20884"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j71m-zp3s-jfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/349400?format=json","vulnerability_id":"VCID-jv1c-typs-bfed","summary":"A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5342.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5342.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5342","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14115","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.18877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23328","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23528","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23585","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23627","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2361","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23564","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23317","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23512","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23533","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2807","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28153","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28129","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28067","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28091","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5342"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/releases/tag/0.22.1","reference_id":"0.22.1","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://github.com/LibRaw/LibRaw/releases/tag/0.22.1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132655","reference_id":"1132655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454372","reference_id":"2454372","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454372"},{"reference_url":"https://vuldb.com/vuln/354671","reference_id":"354671","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://vuldb.com/vuln/354671"},{"reference_url":"https://vuldb.com/submit/781223","reference_id":"781223","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://vuldb.com/submit/781223"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/795","reference_id":"795","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://github.com/LibRaw/LibRaw/issues/795"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/795#issuecomment-4073769886","reference_id":"795#issuecomment-4073769886","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://github.com/LibRaw/LibRaw/issues/795#issuecomment-4073769886"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/b8397cd45657b84e88bd1202528d1764265f185c","reference_id":"b8397cd45657b84e88bd1202528d1764265f185c","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://github.com/LibRaw/LibRaw/commit/b8397cd45657b84e88bd1202528d1764265f185c"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/vuln/354671/cti","reference_id":"cti","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://vuldb.com/vuln/354671/cti"},{"reference_url":"https://github.com/LibRaw/LibRaw/","reference_id":"LibRaw","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://github.com/LibRaw/LibRaw/"},{"reference_url":"https://github.com/biniamf/pocs/tree/main/libraw_nikonpadded","reference_id":"libraw_nikonpadded","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T19:54:27Z/"}],"url":"https://github.com/biniamf/pocs/tree/main/libraw_nikonpadded"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-5342"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jv1c-typs-bfed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350457?format=json","vulnerability_id":"VCID-sqs3-hagf-xfg9","summary":"A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20911.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20911","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14819","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16575","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16511","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16457","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16499","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16444","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1798","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17981","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17942","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20911"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845","reference_id":"1133845","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133845"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455959","reference_id":"2455959","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455959"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330","reference_id":"TALOS-2026-2330","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-07T14:35:15Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-20911"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqs3-hagf-xfg9"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83263?format=json","vulnerability_id":"VCID-1p46-52y8-kbgb","summary":"libRaw: infinite loop in the parse_minolta function in dcraw/dcraw.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5813.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5813","reference_id":"","reference_type":"","scores":[{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63832","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63867","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.6377","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64105","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64072","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64098","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.6398","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64016","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64028","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64035","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64045","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64014","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64059","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5813"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1609954","reference_id":"1609954","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1609954"},{"reference_url":"https://usn.ubuntu.com/3838-1/","reference_id":"USN-3838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5813"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1p46-52y8-kbgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81445?format=json","vulnerability_id":"VCID-25js-gs2n-jbfb","summary":"LibRaw: Out-of-bounds read in LibRaw::adobe_copy_pixel() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35533.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35533.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35533","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08119","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08257","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08237","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08114","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.081","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08199","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08272","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08339","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08319","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08349","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35533"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122358","reference_id":"2122358","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122358"},{"reference_url":"https://usn.ubuntu.com/5715-1/","reference_id":"USN-5715-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5715-1/"},{"reference_url":"https://usn.ubuntu.com/7266-1/","reference_id":"USN-7266-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7266-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928379?format=json","purl":"pkg:deb/debian/libraw@0.20.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35533"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25js-gs2n-jbfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70182?format=json","vulnerability_id":"VCID-33xw-gu7q-3uht","summary":"LibRaw: Improper Validation of Specified Quantity in Input in LibRaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43964.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43964","reference_id":"","reference_type":"","scores":[{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45617","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.4566","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45637","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45638","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45631","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45689","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45684","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45634","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45547","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00229","scoring_system":"epss","scoring_elements":"0.45494","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50818","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50788","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50832","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50801","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50749","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43964"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4","reference_id":"0.21.3...0.21.4","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:12:15Z/"}],"url":"https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103783","reference_id":"1103783","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103783"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361287","reference_id":"2361287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361287"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0","reference_id":"a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:12:15Z/"}],"url":"https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0"},{"reference_url":"https://www.libraw.org/news/libraw-0-21-4-release","reference_id":"libraw-0-21-4-release","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:12:15Z/"}],"url":"https://www.libraw.org/news/libraw-0-21-4-release"},{"reference_url":"https://usn.ubuntu.com/7485-1/","reference_id":"USN-7485-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7485-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928382?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928383?format=json","purl":"pkg:deb/debian/libraw@0.21.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-43964"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33xw-gu7q-3uht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82922?format=json","vulnerability_id":"VCID-34d5-3aug-ffgw","summary":"libraw: NULL pointer dereference in LibRaw::copy_bayer resulting in a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20364.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20364.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20364","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65616","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65816","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65783","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65827","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65798","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65665","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65694","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6566","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65711","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65724","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65745","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65731","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65702","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65737","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65751","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65736","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6575","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6576","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65734","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20364"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/194","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/194"},{"reference_url":"http://www.securityfocus.com/bid/106299","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106299"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663961","reference_id":"1663961","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663961"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917112","reference_id":"917112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917112"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20364","reference_id":"CVE-2018-20364","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20364"},{"reference_url":"https://usn.ubuntu.com/3989-1/","reference_id":"USN-3989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928374?format=json","purl":"pkg:deb/debian/libraw@0.19.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20364"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34d5-3aug-ffgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81471?format=json","vulnerability_id":"VCID-43af-u5hy-afcg","summary":"LibRaw: Out-of-bounds read in simple_decode_row() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35532.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35532.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35532","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08119","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08257","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08237","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08114","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.081","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08199","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08272","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08339","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08319","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08349","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35532"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122357","reference_id":"2122357","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122357"},{"reference_url":"https://usn.ubuntu.com/5715-1/","reference_id":"USN-5715-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5715-1/"},{"reference_url":"https://usn.ubuntu.com/7266-1/","reference_id":"USN-7266-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7266-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928379?format=json","purl":"pkg:deb/debian/libraw@0.20.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35532"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-43af-u5hy-afcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83253?format=json","vulnerability_id":"VCID-4ksq-fpwc-t3fq","summary":"LibRaw: Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5815.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5815.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5815","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68279","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68299","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68319","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68295","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68346","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68363","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68389","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68377","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68344","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68383","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68396","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68374","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68422","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68426","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6843","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68407","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68449","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68486","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68451","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68477","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5815"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5815","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5815"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610151","reference_id":"1610151","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610151"},{"reference_url":"https://usn.ubuntu.com/3838-1/","reference_id":"USN-3838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928377?format=json","purl":"pkg:deb/debian/libraw@0.18.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5815"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ksq-fpwc-t3fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81362?format=json","vulnerability_id":"VCID-54h1-vj6r-4ue5","summary":"LibRaw: Out-of-bounds read in LibRaw::parseSonySRF() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35535.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35535.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35535","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14676","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14726","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14606","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14695","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14754","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14714","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14622","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14513","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14519","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14585","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14615","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14613","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14553","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14431","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14565","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14655","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14653","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14697","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35535"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122362","reference_id":"2122362","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122362"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928379?format=json","purl":"pkg:deb/debian/libraw@0.20.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35535"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54h1-vj6r-4ue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84042?format=json","vulnerability_id":"VCID-57aw-3kt4-5fd8","summary":"libraw: Floating point exception in kodak_radc_load_raw function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13735.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13735","reference_id":"","reference_type":"","scores":[{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56895","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56919","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56859","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56876","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56814","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56871","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56899","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.5692","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56896","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56948","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56951","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56939","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56916","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00404","scoring_system":"epss","scoring_elements":"0.60974","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00597","scoring_system":"epss","scoring_elements":"0.69303","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488476","reference_id":"1488476","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488476"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729","reference_id":"874729","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729"},{"reference_url":"https://security.archlinux.org/ASA-201709-18","reference_id":"ASA-201709-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201709-18"},{"reference_url":"https://security.archlinux.org/AVG-410","reference_id":"AVG-410","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-410"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928369?format=json","purl":"pkg:deb/debian/libraw@0.18.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-13735"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57aw-3kt4-5fd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48133?format=json","vulnerability_id":"VCID-5qx5-u16v-vfgz","summary":"Multiple vulnerabilities have been found in LibRaw, the worst of\n    which may allow attackers to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8366.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8366.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8366","reference_id":"","reference_type":"","scores":[{"value":"0.0127","scoring_system":"epss","scoring_elements":"0.79623","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0127","scoring_system":"epss","scoring_elements":"0.79636","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0127","scoring_system":"epss","scoring_elements":"0.79551","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0127","scoring_system":"epss","scoring_elements":"0.79557","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0127","scoring_system":"epss","scoring_elements":"0.79573","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0127","scoring_system":"epss","scoring_elements":"0.79587","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0127","scoring_system":"epss","scoring_elements":"0.79609","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0127","scoring_system":"epss","scoring_elements":"0.79627","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79552","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79503","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.7958","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79585","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79582","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.7951","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79533","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79519","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79547","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.79577","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01277","scoring_system":"epss","scoring_elements":"0.7956","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8366"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287056","reference_id":"1287056","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287056"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809","reference_id":"806809","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168","reference_id":"864168","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168"},{"reference_url":"https://security.archlinux.org/AVG-92","reference_id":"AVG-92","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-92"},{"reference_url":"https://security.gentoo.org/glsa/201701-60","reference_id":"GLSA-201701-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-60"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928368?format=json","purl":"pkg:deb/debian/libraw@0.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.17.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8366"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qx5-u16v-vfgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72446?format=json","vulnerability_id":"VCID-6r3y-tdry-guc3","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6887.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6887.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6887","reference_id":"","reference_type":"","scores":[{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64515","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64721","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64728","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.647","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64568","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64597","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64555","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64604","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.6462","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64638","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64625","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64632","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64643","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64629","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64649","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64661","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64658","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64636","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64685","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1451642","reference_id":"1451642","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1451642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183","reference_id":"864183","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928371?format=json","purl":"pkg:deb/debian/libraw@0.18.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-6887"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6r3y-tdry-guc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70181?format=json","vulnerability_id":"VCID-88vk-c7wu-fffr","summary":"LibRaw: Out-of-Bounds Read in LibRaw's phase_one_correct Function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43962.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43962","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54155","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54208","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54185","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5416","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54258","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54219","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54262","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54243","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54222","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.58961","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5905","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59021","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59068","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5901","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43962"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4","reference_id":"0.21.3...0.21.4","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/"}],"url":"https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781","reference_id":"1103781","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361286","reference_id":"2361286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361286"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2","reference_id":"66fe663e02a4dd610b4e832f5d9af326709336c2","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/"}],"url":"https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2"},{"reference_url":"https://www.libraw.org/news/libraw-0-21-4-release","reference_id":"libraw-0-21-4-release","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:16Z/"}],"url":"https://www.libraw.org/news/libraw-0-21-4-release"},{"reference_url":"https://usn.ubuntu.com/7485-1/","reference_id":"USN-7485-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7485-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928382?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928383?format=json","purl":"pkg:deb/debian/libraw@0.21.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-43962"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88vk-c7wu-fffr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83595?format=json","vulnerability_id":"VCID-8g8a-1egc-pbhs","summary":"LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5805.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5805","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.65977","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66019","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66015","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66064","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66077","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66096","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66053","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66088","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66102","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.6609","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66111","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66122","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.6612","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66098","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66143","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66185","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66179","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5805"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591887","reference_id":"1591887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3065","reference_id":"RHSA-2018:3065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3065"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928376?format=json","purl":"pkg:deb/debian/libraw@0.18.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5805"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g8a-1egc-pbhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83801?format=json","vulnerability_id":"VCID-8nfh-uny2-2yay","summary":"libraw: Invalid read memory access in the LibRaw::xtrans_interpolate() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16910.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16910.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16910","reference_id":"","reference_type":"","scores":[{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6617","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66374","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66353","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66211","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66238","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66208","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66255","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66268","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66289","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66275","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66244","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66294","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66278","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66302","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66317","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66337","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16910"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524860","reference_id":"1524860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524860"},{"reference_url":"https://usn.ubuntu.com/3615-1/","reference_id":"USN-3615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928370?format=json","purl":"pkg:deb/debian/libraw@0.18.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16910"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nfh-uny2-2yay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16517?format=json","vulnerability_id":"VCID-aa14-ypvj-pfen","summary":"Out-of-bounds Write\nBuffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32142.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32142","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06284","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06317","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06772","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0635","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0633","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06378","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0642","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06412","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06406","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06395","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06335","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06346","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06493","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06505","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06521","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06533","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06552","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06682","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06746","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06752","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/gtt1995","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/"}],"url":"https://github.com/gtt1995"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/"}],"url":"https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/400","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/"}],"url":"https://github.com/LibRaw/LibRaw/issues/400"},{"reference_url":"https://www.libraw.org/","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/"}],"url":"https://www.libraw.org/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031790","reference_id":"1031790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031790"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2172004","reference_id":"2172004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2172004"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/","reference_id":"5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32142","reference_id":"CVE-2021-32142","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32142"},{"reference_url":"https://www.debian.org/security/2023/dsa-5412","reference_id":"dsa-5412","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/"}],"url":"https://www.debian.org/security/2023/dsa-5412"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/","reference_id":"E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-19T14:14:57Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00025.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6343","reference_id":"RHSA-2023:6343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0343","reference_id":"RHSA-2024:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2994","reference_id":"RHSA-2024:2994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2994"},{"reference_url":"https://usn.ubuntu.com/6137-1/","reference_id":"USN-6137-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6137-1/"},{"reference_url":"https://usn.ubuntu.com/7266-1/","reference_id":"USN-7266-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7266-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928381?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32142"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aa14-ypvj-pfen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82937?format=json","vulnerability_id":"VCID-aakc-8r79-7bbs","summary":"LibRaw: DoS in parse_rollei function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5818.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5818.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5818","reference_id":"","reference_type":"","scores":[{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66905","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67025","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67005","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66943","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66993","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.66944","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77818","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77793","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77812","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77801","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77668","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77667","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77704","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77703","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77697","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77728","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77737","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77751","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77764","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5818"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"},{"reference_url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/","reference_id":"","reference_type":"","scores":[],"url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/"},{"reference_url":"https://www.libraw.org/news/libraw-0-19-2-release","reference_id":"","reference_type":"","scores":[],"url":"https://www.libraw.org/news/libraw-0-19-2-release"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661608","reference_id":"1661608","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661608"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5818","reference_id":"CVE-2018-5818","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5818"},{"reference_url":"https://usn.ubuntu.com/3989-1/","reference_id":"USN-3989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928378?format=json","purl":"pkg:deb/debian/libraw@0.19.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5818"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aakc-8r79-7bbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35805?format=json","vulnerability_id":"VCID-abzn-gut6-y3cz","summary":"Multiple vulnerabilities have been found in LibRaw, the worst of\n    which may allow attackers to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24889.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24889.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24889","reference_id":"","reference_type":"","scores":[{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76054","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76086","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76067","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.761","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76114","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7614","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76115","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76113","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76154","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76157","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76179","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76189","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76201","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76212","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76241","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76264","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7625","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76265","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24889"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/334","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/334"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1882339","reference_id":"1882339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1882339"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24889","reference_id":"CVE-2020-24889","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24889"},{"reference_url":"https://security.gentoo.org/glsa/202010-05","reference_id":"GLSA-202010-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202010-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928380?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-24889"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abzn-gut6-y3cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72444?format=json","vulnerability_id":"VCID-affs-bchw-93bx","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6886.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6886.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6886","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68823","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69032","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6904","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69007","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68842","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68862","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68843","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68892","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68911","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68934","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68919","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68931","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68941","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.6892","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68971","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68982","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68962","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.69005","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6886"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6887"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1451640","reference_id":"1451640","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1451640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183","reference_id":"864183","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864183"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928371?format=json","purl":"pkg:deb/debian/libraw@0.18.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-6886"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-affs-bchw-93bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83702?format=json","vulnerability_id":"VCID-b7yv-7e6a-nfhy","summary":"LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5802.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5802","reference_id":"","reference_type":"","scores":[{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71509","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71516","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71533","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71506","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71546","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71558","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71581","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71565","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71547","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71593","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71598","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71577","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71628","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71637","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71622","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71657","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.7169","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00679","scoring_system":"epss","scoring_elements":"0.71686","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5802"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553335","reference_id":"1553335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3065","reference_id":"RHSA-2018:3065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3065"},{"reference_url":"https://usn.ubuntu.com/3615-1/","reference_id":"USN-3615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928375?format=json","purl":"pkg:deb/debian/libraw@0.18.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5802"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7yv-7e6a-nfhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32048?format=json","vulnerability_id":"VCID-c7f1-d627-z3dm","summary":"Multiple vulnerabilities have been found in LibRaw and libkdcraw,\n    the worst of which may lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1438.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1438","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.64997","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65024","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.64987","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65051","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65069","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65058","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65031","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.64948","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66595","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66569","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66589","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.6649","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66508","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66516","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66532","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66533","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66507","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00512","scoring_system":"epss","scoring_elements":"0.66551","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1002714","reference_id":"1002714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1002714"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721231","reference_id":"721231","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721231"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721232","reference_id":"721232","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721232"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721233","reference_id":"721233","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721233"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721236","reference_id":"721236","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721236"},{"reference_url":"https://security.gentoo.org/glsa/201309-09","reference_id":"GLSA-201309-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-09"},{"reference_url":"https://usn.ubuntu.com/1964-1/","reference_id":"USN-1964-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1964-1/"},{"reference_url":"https://usn.ubuntu.com/1978-1/","reference_id":"USN-1978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928361?format=json","purl":"pkg:deb/debian/libraw@0.15.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1438"],"risk_score":1.0,"exploitability":"0.5","weighted_severity":"2.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7f1-d627-z3dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48135?format=json","vulnerability_id":"VCID-car8-7w1p-2uhx","summary":"Multiple vulnerabilities have been found in LibRaw, the worst of\n    which may allow attackers to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8367.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8367.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8367","reference_id":"","reference_type":"","scores":[{"value":"0.00975","scoring_system":"epss","scoring_elements":"0.7682","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00975","scoring_system":"epss","scoring_elements":"0.76804","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00975","scoring_system":"epss","scoring_elements":"0.76815","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00975","scoring_system":"epss","scoring_elements":"0.76759","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00975","scoring_system":"epss","scoring_elements":"0.76766","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00975","scoring_system":"epss","scoring_elements":"0.76778","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00975","scoring_system":"epss","scoring_elements":"0.76797","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82461","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82457","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82384","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82492","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82399","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82416","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82413","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82441","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82447","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82466","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01779","scoring_system":"epss","scoring_elements":"0.82732","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01779","scoring_system":"epss","scoring_elements":"0.8273","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287076","reference_id":"1287076","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1287076"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809","reference_id":"806809","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806809"},{"reference_url":"https://security.archlinux.org/AVG-92","reference_id":"AVG-92","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-92"},{"reference_url":"https://security.gentoo.org/glsa/201701-60","reference_id":"GLSA-201701-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-60"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928368?format=json","purl":"pkg:deb/debian/libraw@0.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.17.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8367"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-car8-7w1p-2uhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83426?format=json","vulnerability_id":"VCID-cm22-ayty-xqes","summary":"LibRaw: stack-based buffer overflow in LibRaw::parse_exif() and subsequently execute arbitrary code","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5809.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5809","reference_id":"","reference_type":"","scores":[{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83256","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83287","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83286","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.8331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83319","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83325","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.8336","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83361","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83362","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83385","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83393","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83394","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83418","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83439","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83458","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.8346","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01917","scoring_system":"epss","scoring_elements":"0.83477","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661520","reference_id":"1661520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5809"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm22-ayty-xqes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81390?format=json","vulnerability_id":"VCID-cx7p-nhr2-v3ay","summary":"LibRaw: Memory corruption in \"crxFreeSubbandData()\" function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35534.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35534.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35534","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3637","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36205","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36254","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36273","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36278","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36241","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36217","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3626","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36244","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36192","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.3596","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35928","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35841","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35723","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35792","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35814","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35745","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35534"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122360","reference_id":"2122360","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122360"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928379?format=json","purl":"pkg:deb/debian/libraw@0.20.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35534"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cx7p-nhr2-v3ay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82936?format=json","vulnerability_id":"VCID-dgk8-b6fk-t7b6","summary":"LibRaw: DoS in parse_sinar_ia function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5819.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5819.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5819","reference_id":"","reference_type":"","scores":[{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68874","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68984","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68961","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68942","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.68892","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75706","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75679","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75704","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.7569","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75574","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75567","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75608","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75592","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.7563","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75635","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75646","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75649","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5819"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"},{"reference_url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/","reference_id":"","reference_type":"","scores":[],"url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/"},{"reference_url":"https://www.libraw.org/news/libraw-0-19-2-release","reference_id":"","reference_type":"","scores":[],"url":"https://www.libraw.org/news/libraw-0-19-2-release"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661604","reference_id":"1661604","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661604"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5819","reference_id":"CVE-2018-5819","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5819"},{"reference_url":"https://usn.ubuntu.com/3989-1/","reference_id":"USN-3989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928378?format=json","purl":"pkg:deb/debian/libraw@0.19.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5819"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgk8-b6fk-t7b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70183?format=json","vulnerability_id":"VCID-fbf4-mwnn-vqdp","summary":"LibRaw: out-of-buffer access","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43963.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43963.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43963","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54155","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54208","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54185","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5416","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54258","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54219","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54262","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54243","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54222","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.58961","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5905","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59021","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59068","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5901","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43963"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43963","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43963"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4","reference_id":"0.21.3...0.21.4","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/"}],"url":"https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103782","reference_id":"1103782","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103782"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361288","reference_id":"2361288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361288"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964","reference_id":"be26e7639ecf8beb55f124ce780e99842de2e964","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/"}],"url":"https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964"},{"reference_url":"https://www.libraw.org/news/libraw-0-21-4-release","reference_id":"libraw-0-21-4-release","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:13:31Z/"}],"url":"https://www.libraw.org/news/libraw-0-21-4-release"},{"reference_url":"https://usn.ubuntu.com/7485-1/","reference_id":"USN-7485-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7485-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928382?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928383?format=json","purl":"pkg:deb/debian/libraw@0.21.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-43963"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbf4-mwnn-vqdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83424?format=json","vulnerability_id":"VCID-feqd-qmgg-kyer","summary":"libRaw: NULL pointer dereference in nikon_coolscan_load_raw in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5812.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5812.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5812","reference_id":"","reference_type":"","scores":[{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.6624","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.6628","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66306","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66337","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66344","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66349","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66365","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.6635","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66372","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66387","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66363","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66408","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66452","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66425","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66446","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5812"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610486","reference_id":"1610486","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610486"},{"reference_url":"https://usn.ubuntu.com/3838-1/","reference_id":"USN-3838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5812"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-feqd-qmgg-kyer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83973?format=json","vulnerability_id":"VCID-g76c-qem2-pyeq","summary":"libraw: Heap-based 1 byte buffer over-write in processCanonCameraInfo function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14348.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14348.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14348","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61989","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61966","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61947","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61945","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61962","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61955","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.619","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61948","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62008","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73797","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73779","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.7377","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73812","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73723","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73761","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73775","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73732","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00785","scoring_system":"epss","scoring_elements":"0.73756","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14348"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/100","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/100"},{"reference_url":"http://www.securityfocus.com/bid/100866","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100866"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492121","reference_id":"1492121","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492121"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14348","reference_id":"CVE-2017-14348","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14348"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928369?format=json","purl":"pkg:deb/debian/libraw@0.18.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14348"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g76c-qem2-pyeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83423?format=json","vulnerability_id":"VCID-gfwy-pxzr-gqa6","summary":"LibRaw: out-of-bounds read in nikon_coolscan_load_raw in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5811.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5811.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5811","reference_id":"","reference_type":"","scores":[{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6617","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66211","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66238","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66208","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66255","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66268","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66289","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66275","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66244","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66294","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66278","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66302","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66317","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66337","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.6638","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66353","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66374","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5811"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5811","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5811"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610483","reference_id":"1610483","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610483"},{"reference_url":"https://usn.ubuntu.com/3838-1/","reference_id":"USN-3838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5811"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfwy-pxzr-gqa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83974?format=json","vulnerability_id":"VCID-h27f-krz7-bkdv","summary":"libraw: Out-of-bounds read in the kodak_65000_load_raw function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14608.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14608.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14608","reference_id":"","reference_type":"","scores":[{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54612","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.5473","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54709","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54686","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54634","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54676","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54682","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54704","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54674","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54726","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54722","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54735","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54737","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.54718","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00316","scoring_system":"epss","scoring_elements":"0.5469","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14608"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/101","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/101"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499687","reference_id":"1499687","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499687"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14608","reference_id":"CVE-2017-14608","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14608"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928369?format=json","purl":"pkg:deb/debian/libraw@0.18.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14608"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h27f-krz7-bkdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83421?format=json","vulnerability_id":"VCID-h8wv-qjp1-abe5","summary":"LibRaw: out-of-bounds read in samsung_load_raw in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5807.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5807","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65024","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65101","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65065","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65113","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65127","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65146","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65136","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65108","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65145","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65154","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65138","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65167","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65166","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65148","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65195","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6524","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65209","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65231","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5807"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610469","reference_id":"1610469","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610469"},{"reference_url":"https://usn.ubuntu.com/3838-1/","reference_id":"USN-3838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5807"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8wv-qjp1-abe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78146?format=json","vulnerability_id":"VCID-hqh8-vz5n-23c9","summary":"libraw: Out of bounds read in LibRaw::stretch() function in libraw\\src\\postprocessing\\aspect_ratio.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22628.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-22628.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22628","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25313","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25386","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25049","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25041","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25101","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25031","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25422","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25198","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25268","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25324","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25283","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2523","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2524","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.252","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25156","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25144","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.251","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.24978","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22628"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234992","reference_id":"2234992","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234992"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/269","reference_id":"269","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:03:55Z/"}],"url":"https://github.com/LibRaw/LibRaw/issues/269"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T18:03:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/09/msg00007.html"},{"reference_url":"https://usn.ubuntu.com/6377-1/","reference_id":"USN-6377-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6377-1/"},{"reference_url":"https://usn.ubuntu.com/7266-1/","reference_id":"USN-7266-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7266-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928379?format=json","purl":"pkg:deb/debian/libraw@0.20.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-22628"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hqh8-vz5n-23c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83505?format=json","vulnerability_id":"VCID-hsza-kpb5-vqb9","summary":"LibRaw: Stack-based buffer overflow in libraw_cxx.cpp:utf2char() allows for potential code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10528.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10528","reference_id":"","reference_type":"","scores":[{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83356","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83573","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83537","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83556","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83557","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83369","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83384","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83408","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83418","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83427","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83458","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83482","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83489","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83491","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0194","scoring_system":"epss","scoring_elements":"0.83515","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/commit/efd8cfabb93fd0396266a7607069901657c082e3"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/144","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/144"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574313","reference_id":"1574313","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574313"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897185","reference_id":"897185","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897185"},{"reference_url":"https://security.archlinux.org/ASA-201805-2","reference_id":"ASA-201805-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-2"},{"reference_url":"https://security.archlinux.org/AVG-681","reference_id":"AVG-681","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-681"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10528","reference_id":"CVE-2018-10528","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10528"},{"reference_url":"https://usn.ubuntu.com/3639-1/","reference_id":"USN-3639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10528"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hsza-kpb5-vqb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32051?format=json","vulnerability_id":"VCID-hxsy-1dx6-fker","summary":"Multiple vulnerabilities have been found in LibRaw and libkdcraw,\n    the worst of which may lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2127","reference_id":"","reference_type":"","scores":[{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.75935","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.75938","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.75971","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.7595","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.75983","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.75997","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76022","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.75998","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.75992","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76032","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76034","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76019","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76057","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76066","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76078","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76085","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76114","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76137","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.76124","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00923","scoring_system":"epss","scoring_elements":"0.7614","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2127"},{"reference_url":"https://security.gentoo.org/glsa/201309-09","reference_id":"GLSA-201309-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928366?format=json","purl":"pkg:deb/debian/libraw@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2127"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxsy-1dx6-fker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83700?format=json","vulnerability_id":"VCID-k9d9-tfcf-byf3","summary":"LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5800.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5800","reference_id":"","reference_type":"","scores":[{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.80946","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.80955","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.80977","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.80976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81004","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81011","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81027","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81014","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81044","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81045","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81043","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81074","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81097","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81118","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81141","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81137","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01483","scoring_system":"epss","scoring_elements":"0.81155","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5800"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553332","reference_id":"1553332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3065","reference_id":"RHSA-2018:3065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3065"},{"reference_url":"https://usn.ubuntu.com/3615-1/","reference_id":"USN-3615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928375?format=json","purl":"pkg:deb/debian/libraw@0.18.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5800"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k9d9-tfcf-byf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83596?format=json","vulnerability_id":"VCID-knwc-32r8-b7cu","summary":"LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5806.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5806.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5806","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60053","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60088","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60094","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.59951","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66452","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66425","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66446","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66349","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66365","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.6635","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66372","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66387","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66363","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66408","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5806"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591897","reference_id":"1591897","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3065","reference_id":"RHSA-2018:3065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3065"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928376?format=json","purl":"pkg:deb/debian/libraw@0.18.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5806"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knwc-32r8-b7cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83506?format=json","vulnerability_id":"VCID-m4v4-63we-dqex","summary":"LibRaw: Out-of-bounds read in X3F property table list functionality in libraw_x3f.cpp and libraw_cxx.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10529.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10529","reference_id":"","reference_type":"","scores":[{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.60973","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61166","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61069","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61118","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61177","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61051","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61079","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61045","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61093","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61109","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.6113","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61116","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61098","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61139","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61145","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61127","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61128","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00406","scoring_system":"epss","scoring_elements":"0.61121","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/144","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/144"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574325","reference_id":"1574325","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574325"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897186","reference_id":"897186","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897186"},{"reference_url":"https://security.archlinux.org/ASA-201805-2","reference_id":"ASA-201805-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-2"},{"reference_url":"https://security.archlinux.org/AVG-681","reference_id":"AVG-681","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-681"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.18.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10529","reference_id":"CVE-2018-10529","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10529"},{"reference_url":"https://usn.ubuntu.com/3639-1/","reference_id":"USN-3639-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3639-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10529"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4v4-63we-dqex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82938?format=json","vulnerability_id":"VCID-mkyj-pu8d-kbbu","summary":"LibRaw: DoS in unpacked_load_raw function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5817.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5817.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5817","reference_id":"","reference_type":"","scores":[{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.7859","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78793","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78763","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78779","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78776","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78597","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78628","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78609","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78634","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78641","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78665","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78647","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.7864","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78669","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78667","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78664","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78694","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78702","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.78719","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01167","scoring_system":"epss","scoring_elements":"0.7874","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5817"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00036.html"},{"reference_url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/","reference_id":"","reference_type":"","scores":[],"url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-27/"},{"reference_url":"https://www.libraw.org/news/libraw-0-19-2-release","reference_id":"","reference_type":"","scores":[],"url":"https://www.libraw.org/news/libraw-0-19-2-release"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661612","reference_id":"1661612","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661612"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5817","reference_id":"CVE-2018-5817","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5817"},{"reference_url":"https://usn.ubuntu.com/3989-1/","reference_id":"USN-3989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928378?format=json","purl":"pkg:deb/debian/libraw@0.19.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5817"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyj-pu8d-kbbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83425?format=json","vulnerability_id":"VCID-n8g7-9k7s-17g3","summary":"LibRaw: stack-based buffer overflow in find_green() leads to arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5808.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5808.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5808","reference_id":"","reference_type":"","scores":[{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84711","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84727","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84746","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84748","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.8477","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84777","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84795","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84791","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84785","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84807","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84808","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84805","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84832","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84842","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84841","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84857","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84882","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84895","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02316","scoring_system":"epss","scoring_elements":"0.84911","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5808"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661518","reference_id":"1661518","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661518"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5808"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8g7-9k7s-17g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81467?format=json","vulnerability_id":"VCID-n9u1-b4b8-sqft","summary":"LibRaw: Out of bounds write in new_node() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35530.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35530","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08119","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08257","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08237","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08114","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.081","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08199","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08272","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08339","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08319","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08349","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35530"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122339","reference_id":"2122339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122339"},{"reference_url":"https://usn.ubuntu.com/5715-1/","reference_id":"USN-5715-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5715-1/"},{"reference_url":"https://usn.ubuntu.com/7266-1/","reference_id":"USN-7266-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7266-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928379?format=json","purl":"pkg:deb/debian/libraw@0.20.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35530"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9u1-b4b8-sqft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32049?format=json","vulnerability_id":"VCID-ngzk-excs-akbw","summary":"Multiple vulnerabilities have been found in LibRaw and libkdcraw,\n    the worst of which may lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1439.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1439.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1439","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64787","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64837","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64864","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64877","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64908","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64899","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64871","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64919","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64904","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64922","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64931","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64911","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.6496","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65002","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64971","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.64993","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1002714","reference_id":"1002714","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1002714"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721338","reference_id":"721338","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721339","reference_id":"721339","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721339"},{"reference_url":"https://security.gentoo.org/glsa/201309-09","reference_id":"GLSA-201309-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-09"},{"reference_url":"https://usn.ubuntu.com/1964-1/","reference_id":"USN-1964-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1964-1/"},{"reference_url":"https://usn.ubuntu.com/1978-1/","reference_id":"USN-1978-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1978-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928361?format=json","purl":"pkg:deb/debian/libraw@0.15.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1439"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngzk-excs-akbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82933?format=json","vulnerability_id":"VCID-njj5-wx27-xqd4","summary":"LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20337.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20337.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20337","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58397","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58346","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58297","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58339","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58331","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5835","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58325","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58401","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58379","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58392","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58396","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58373","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58333","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20337"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/192","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/192"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661555","reference_id":"1661555","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661555"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080","reference_id":"917080","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917080"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.19.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:0.19.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:0.19.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20337","reference_id":"CVE-2018-20337","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1766","reference_id":"RHSA-2020:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1766"},{"reference_url":"https://usn.ubuntu.com/3989-1/","reference_id":"USN-3989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928373?format=json","purl":"pkg:deb/debian/libraw@0.19.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20337"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njj5-wx27-xqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83701?format=json","vulnerability_id":"VCID-nnw4-axam-qbb2","summary":"LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5801.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5801","reference_id":"","reference_type":"","scores":[{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78131","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78113","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.7814","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78101","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78171","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78092","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01111","scoring_system":"epss","scoring_elements":"0.78146","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.814","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81422","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81418","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81436","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81289","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81326","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81329","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81328","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81351","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81358","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.81364","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01527","scoring_system":"epss","scoring_elements":"0.8138","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5801"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553334","reference_id":"1553334","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1553334"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3065","reference_id":"RHSA-2018:3065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3065"},{"reference_url":"https://usn.ubuntu.com/3615-1/","reference_id":"USN-3615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928375?format=json","purl":"pkg:deb/debian/libraw@0.18.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5801"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnw4-axam-qbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81470?format=json","vulnerability_id":"VCID-npjj-h25x-c7ge","summary":"LibRaw: Out-of-bounds read in get_huffman_diff() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35531.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35531.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35531","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08119","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08182","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08257","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08237","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0822","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08114","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.081","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08261","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08199","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08164","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08138","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08272","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08339","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08319","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08349","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35531"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122356","reference_id":"2122356","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122356"},{"reference_url":"https://usn.ubuntu.com/5715-1/","reference_id":"USN-5715-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5715-1/"},{"reference_url":"https://usn.ubuntu.com/7266-1/","reference_id":"USN-7266-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7266-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928379?format=json","purl":"pkg:deb/debian/libraw@0.20.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35531"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-npjj-h25x-c7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83594?format=json","vulnerability_id":"VCID-pknf-eqgp-nqba","summary":"LibRaw: type confusion error in identify() function in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5804.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5804","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54453","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54529","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54552","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54521","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54567","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54579","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5454","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54577","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54578","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54556","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5452","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54535","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54514","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54463","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54505","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5456","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54519","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54546","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591879","reference_id":"1591879","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1591879"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928376?format=json","purl":"pkg:deb/debian/libraw@0.18.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5804"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pknf-eqgp-nqba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81132?format=json","vulnerability_id":"VCID-pnd8-8z2d-4bh3","summary":"LibRaw: lack of thumbnail size range check can lead to buffer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15503.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15503.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15503","reference_id":"","reference_type":"","scores":[{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88169","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88178","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88194","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88199","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88225","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88236","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88229","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88228","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88242","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88241","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.8826","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88265","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88267","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88279","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88294","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88307","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88305","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0387","scoring_system":"epss","scoring_elements":"0.88318","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15503"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1853477","reference_id":"1853477","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1853477"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964747","reference_id":"964747","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964747"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15503","reference_id":"CVE-2020-15503","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15503"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4451","reference_id":"RHSA-2020:4451","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4451"},{"reference_url":"https://usn.ubuntu.com/5715-1/","reference_id":"USN-5715-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5715-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928379?format=json","purl":"pkg:deb/debian/libraw@0.20.0-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.0-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15503"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnd8-8z2d-4bh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32050?format=json","vulnerability_id":"VCID-qncn-bvgd-r3eq","summary":"Multiple vulnerabilities have been found in LibRaw and libkdcraw,\n    the worst of which may lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2126.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2126","reference_id":"","reference_type":"","scores":[{"value":"0.02433","scoring_system":"epss","scoring_elements":"0.85246","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02433","scoring_system":"epss","scoring_elements":"0.85266","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02433","scoring_system":"epss","scoring_elements":"0.8526","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02433","scoring_system":"epss","scoring_elements":"0.85275","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87056","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.8707","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87064","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87059","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87006","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87079","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87076","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87095","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87101","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87121","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87075","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87017","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03225","scoring_system":"epss","scoring_elements":"0.87029","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2126"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353","reference_id":"710353","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711316","reference_id":"711316","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=968385","reference_id":"968385","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=968385"},{"reference_url":"https://security.gentoo.org/glsa/201309-09","reference_id":"GLSA-201309-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-09"},{"reference_url":"https://usn.ubuntu.com/1884-1/","reference_id":"USN-1884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1884-1/"},{"reference_url":"https://usn.ubuntu.com/1885-1/","reference_id":"USN-1885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1885-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928365?format=json","purl":"pkg:deb/debian/libraw@0.15.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.15.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2126"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qncn-bvgd-r3eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83800?format=json","vulnerability_id":"VCID-s2hb-xe27-ryeq","summary":"libraw: Heap-buffer overflow in the LibRaw::panasonic_load_raw() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16909.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16909.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16909","reference_id":"","reference_type":"","scores":[{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68575","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68776","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68785","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68751","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68611","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68589","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.6864","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68658","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68682","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68668","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68678","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68689","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68669","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68717","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68723","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68729","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00571","scoring_system":"epss","scoring_elements":"0.68749","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16909"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524859","reference_id":"1524859","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524859"},{"reference_url":"https://usn.ubuntu.com/3615-1/","reference_id":"USN-3615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928370?format=json","purl":"pkg:deb/debian/libraw@0.18.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16909"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s2hb-xe27-ryeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83254?format=json","vulnerability_id":"VCID-sptp-9b5b-r7gq","summary":"LibRaw: Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5816.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5816.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5816","reference_id":"","reference_type":"","scores":[{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.7002","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70032","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70023","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70071","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70087","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70111","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70097","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70127","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70136","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70167","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70174","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70173","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70149","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70191","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70223","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70192","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70219","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5816"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610156","reference_id":"1610156","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610156"},{"reference_url":"https://usn.ubuntu.com/3838-1/","reference_id":"USN-3838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928377?format=json","purl":"pkg:deb/debian/libraw@0.18.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5816"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sptp-9b5b-r7gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82923?format=json","vulnerability_id":"VCID-tb2p-ef7f-f7cj","summary":"libraw: Heap-based buffer overflow in LibRaw::raw2image() resulting in a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20365.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20365","reference_id":"","reference_type":"","scores":[{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63343","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63546","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.635","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63554","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63519","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63403","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63429","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63395","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63464","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63482","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63466","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.6343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63463","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63471","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63456","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63474","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63487","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00445","scoring_system":"epss","scoring_elements":"0.63483","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20365"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/195","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/195"},{"reference_url":"http://www.securityfocus.com/bid/106299","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106299"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663964","reference_id":"1663964","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663964"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917111","reference_id":"917111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917111"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20365","reference_id":"CVE-2018-20365","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20365"},{"reference_url":"https://usn.ubuntu.com/3989-1/","reference_id":"USN-3989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928374?format=json","purl":"pkg:deb/debian/libraw@0.19.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20365"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tb2p-ef7f-f7cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17597?format=json","vulnerability_id":"VCID-th8h-py4c-47da","summary":"Out-of-bounds Write\nA flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1729.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1729","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19558","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19604","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19325","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19454","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19411","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19354","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19315","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19223","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19182","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19075","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19157","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19322","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19336","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19234","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21049","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21054","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21031","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1729"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188240","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/557","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/557"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZ6XF5WTPJ4GLXQ62JVRDZSVSJHXNQU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E5ZJ3UBTJBZHNPJQFOSGM5L7WAHHE2GY/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036281","reference_id":"1036281","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036281"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1729","reference_id":"CVE-2023-1729","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1729"},{"reference_url":"https://security.gentoo.org/glsa/202312-08","reference_id":"GLSA-202312-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202312-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2137","reference_id":"RHSA-2024:2137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2137"},{"reference_url":"https://usn.ubuntu.com/6137-1/","reference_id":"USN-6137-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6137-1/"},{"reference_url":"https://usn.ubuntu.com/7266-1/","reference_id":"USN-7266-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7266-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928381?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2023-1729"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-th8h-py4c-47da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81169?format=json","vulnerability_id":"VCID-u8vk-5w4q-4baj","summary":"LibRaw: out-of-bounds write in parse_exif function in metadata/exif_gps.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15365.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15365","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51731","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51806","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51767","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51822","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51819","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5185","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51877","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51883","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51866","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51814","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5182","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51777","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51726","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51778","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51821","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51783","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51808","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852093","reference_id":"1852093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852093"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15365","reference_id":"CVE-2020-15365","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15365"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928366?format=json","purl":"pkg:deb/debian/libraw@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15365"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8vk-5w4q-4baj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60652?format=json","vulnerability_id":"VCID-urry-mwtn-9ua4","summary":"A buffer overread in LibRaw might allow an attacker to cause denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24870.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24870","reference_id":"","reference_type":"","scores":[{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68831","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68849","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.6887","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.6885","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.689","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68919","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68942","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68927","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68898","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68939","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68949","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68928","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68979","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.68985","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.6899","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.6897","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.69014","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.69048","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.69016","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00581","scoring_system":"epss","scoring_elements":"0.69041","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24870"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928794","reference_id":"1928794","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928794"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24870","reference_id":"CVE-2020-24870","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24870"},{"reference_url":"https://security.gentoo.org/glsa/202208-07","reference_id":"GLSA-202208-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-07"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4381","reference_id":"RHSA-2021:4381","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4381"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928380?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-24870"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urry-mwtn-9ua4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83422?format=json","vulnerability_id":"VCID-v4se-wza6-a3dt","summary":"libRaw: heap-based buffer overflow in rollei_load_raw in internal/dcraw_common.cpp","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5810.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5810","reference_id":"","reference_type":"","scores":[{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.65977","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66019","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66015","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66064","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66077","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66096","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66053","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66088","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66102","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.6609","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66111","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66122","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.6612","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66098","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66143","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66185","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66157","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00502","scoring_system":"epss","scoring_elements":"0.66179","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5810"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610479","reference_id":"1610479","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1610479"},{"reference_url":"https://usn.ubuntu.com/3838-1/","reference_id":"USN-3838-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3838-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928372?format=json","purl":"pkg:deb/debian/libraw@0.18.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5810"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4se-wza6-a3dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83986?format=json","vulnerability_id":"VCID-wgdh-xnty-mbga","summary":"libraw: Stack based buffer overflow in the xtrans_interpolate function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14265.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14265.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14265","reference_id":"","reference_type":"","scores":[{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76259","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76135","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76175","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76196","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76206","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76236","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76258","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76245","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76062","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76095","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76109","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76134","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.7611","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76107","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76148","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00931","scoring_system":"epss","scoring_elements":"0.76152","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01644","scoring_system":"epss","scoring_elements":"0.81894","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82397","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01731","scoring_system":"epss","scoring_elements":"0.82415","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/99","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/99"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494405","reference_id":"1494405","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494405"},{"reference_url":"https://security.archlinux.org/ASA-201709-18","reference_id":"ASA-201709-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201709-18"},{"reference_url":"https://security.archlinux.org/AVG-410","reference_id":"AVG-410","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-410"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14265","reference_id":"CVE-2017-14265","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14265"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928369?format=json","purl":"pkg:deb/debian/libraw@0.18.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.18.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-14265"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdh-xnty-mbga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36434?format=json","vulnerability_id":"VCID-xswq-6aae-nqfb","summary":"A buffer overflow in DCRaw might allow remote attackers to cause a\n    Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3885.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3885","reference_id":"","reference_type":"","scores":[{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87805","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87659","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87669","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87682","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87683","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87704","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.8771","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87721","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87715","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87713","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87727","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87724","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87742","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87749","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87747","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87761","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87776","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87794","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03564","scoring_system":"epss","scoring_elements":"0.87791","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5684"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1221249","reference_id":"1221249","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1221249"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019","reference_id":"785019","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785019"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785","reference_id":"786785","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786785"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788","reference_id":"786788","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786788"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786790","reference_id":"786790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786790"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792","reference_id":"786792","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786792"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792299","reference_id":"792299","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792299"},{"reference_url":"https://security.gentoo.org/glsa/201701-54","reference_id":"GLSA-201701-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-54"},{"reference_url":"https://security.gentoo.org/glsa/201701-60","reference_id":"GLSA-201701-60","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-60"},{"reference_url":"https://security.gentoo.org/glsa/201706-17","reference_id":"GLSA-201706-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201706-17"},{"reference_url":"https://usn.ubuntu.com/3492-1/","reference_id":"USN-3492-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3492-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928367?format=json","purl":"pkg:deb/debian/libraw@0.16.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.16.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3885"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xswq-6aae-nqfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70180?format=json","vulnerability_id":"VCID-y455-nxwt-7ygd","summary":"LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag Parser in LibRaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43961.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43961","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54155","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54208","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54185","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5416","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54258","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5424","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54219","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54262","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54243","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54222","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.58961","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5905","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59021","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.59068","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00373","scoring_system":"epss","scoring_elements":"0.5901","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43961"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4","reference_id":"0.21.3...0.21.4","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/"}],"url":"https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781","reference_id":"1103781","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103781"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361283","reference_id":"2361283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361283"},{"reference_url":"https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2","reference_id":"66fe663e02a4dd610b4e832f5d9af326709336c2","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/"}],"url":"https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2"},{"reference_url":"https://www.libraw.org/news/libraw-0-21-4-release","reference_id":"libraw-0-21-4-release","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:14:46Z/"}],"url":"https://www.libraw.org/news/libraw-0-21-4-release"},{"reference_url":"https://usn.ubuntu.com/7485-1/","reference_id":"USN-7485-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7485-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928382?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928383?format=json","purl":"pkg:deb/debian/libraw@0.21.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-43961"],"risk_score":1.3,"exploitability":"0.5","weighted_severity":"2.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y455-nxwt-7ygd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82929?format=json","vulnerability_id":"VCID-zez2-rb1h-6yef","summary":"libraw: NULL pointer dereference in LibRaw::raw2image resulting in a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20363.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20363.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20363","reference_id":"","reference_type":"","scores":[{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.6549","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65604","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65618","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65538","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65568","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65534","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65599","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0049","scoring_system":"epss","scoring_elements":"0.65587","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65816","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65783","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65827","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65798","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65702","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65737","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65751","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65736","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6575","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65761","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6576","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65734","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20363"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/LibRaw/LibRaw/issues/193","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/LibRaw/LibRaw/issues/193"},{"reference_url":"http://www.securityfocus.com/bid/106299","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106299"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663960","reference_id":"1663960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663960"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917113","reference_id":"917113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917113"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libraw:libraw:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20363","reference_id":"CVE-2018-20363","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20363"},{"reference_url":"https://usn.ubuntu.com/3989-1/","reference_id":"USN-3989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928374?format=json","purl":"pkg:deb/debian/libraw@0.19.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.19.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928362?format=json","purl":"pkg:deb/debian/libraw@0.20.2-1%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928360?format=json","purl":"pkg:deb/debian/libraw@0.20.2-2.1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928364?format=json","purl":"pkg:deb/debian/libraw@0.21.4-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-16gd-uc62-9ufj"},{"vulnerability":"VCID-6xx8-17hs-dycx"},{"vulnerability":"VCID-7fkh-bs2q-3kh9"},{"vulnerability":"VCID-fcxc-babh-jkdy"},{"vulnerability":"VCID-fhgt-mdjx-3bap"},{"vulnerability":"VCID-j71m-zp3s-jfhr"},{"vulnerability":"VCID-jv1c-typs-bfed"},{"vulnerability":"VCID-sqs3-hagf-xfg9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928363?format=json","purl":"pkg:deb/debian/libraw@0.21.5b-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.21.5b-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1112548?format=json","purl":"pkg:deb/debian/libraw@0.22.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.22.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20363"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zez2-rb1h-6yef"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libraw@0.20.2-2.1%252Bdeb12u1%3Fdistro=trixie"}