{"url":"http://public2.vulnerablecode.io/api/packages/933744?format=json","purl":"pkg:deb/debian/openjpeg2@2.3.1-1?distro=trixie","type":"deb","namespace":"debian","name":"openjpeg2","version":"2.3.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.0-1","latest_non_vulnerable_version":"2.5.4-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82455?format=json","vulnerability_id":"VCID-1z5a-aa47-dyft","summary":"openjpeg: out-of-bounds read in functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c leads to denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20846.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20846.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20846","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63784","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63924","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63926","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63845","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63872","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63829","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.6388","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63897","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.6391","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63896","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63863","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63898","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63908","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.63899","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20846"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728513","reference_id":"1728513","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728513"},{"reference_url":"https://security.archlinux.org/AVG-1390","reference_id":"AVG-1390","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1390"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/933744?format=json","purl":"pkg:deb/debian/openjpeg2@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933734?format=json","purl":"pkg:deb/debian/openjpeg2@2.4.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.4.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933732?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.0-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.0-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933736?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933735?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20846"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1z5a-aa47-dyft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82453?format=json","vulnerability_id":"VCID-ecez-3pwt-pudf","summary":"openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20845.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20845","reference_id":"","reference_type":"","scores":[{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69659","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69671","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69687","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69714","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69731","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69752","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69737","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69724","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69764","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69773","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69754","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69805","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69813","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69818","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69792","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728505","reference_id":"1728505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4251","reference_id":"RHSA-2021:4251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4251"},{"reference_url":"https://usn.ubuntu.com/USN-4782-1/","reference_id":"USN-USN-4782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/933744?format=json","purl":"pkg:deb/debian/openjpeg2@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933734?format=json","purl":"pkg:deb/debian/openjpeg2@2.4.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.4.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933732?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.0-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.0-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933736?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933735?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20845"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecez-3pwt-pudf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83735?format=json","vulnerability_id":"VCID-hxax-t3zc-8kax","summary":"openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5727.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5727","reference_id":"","reference_type":"","scores":[{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72503","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.7251","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72527","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72542","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72554","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72578","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72551","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72594","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72603","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72636","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72645","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72642","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72633","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5727"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536552","reference_id":"1536552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536552"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888532","reference_id":"888532","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4251","reference_id":"RHSA-2021:4251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4251"},{"reference_url":"https://usn.ubuntu.com/4686-1/","reference_id":"USN-4686-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4686-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4782-1/","reference_id":"USN-USN-4782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/933744?format=json","purl":"pkg:deb/debian/openjpeg2@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933734?format=json","purl":"pkg:deb/debian/openjpeg2@2.4.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.4.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933732?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.0-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.0-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933736?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933735?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-5727"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxax-t3zc-8kax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82454?format=json","vulnerability_id":"VCID-xvjg-5z4m-pqdv","summary":"openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20847.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20847.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20847","reference_id":"","reference_type":"","scores":[{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.7263","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72548","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.7259","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.726","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72591","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72633","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72642","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72639","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72575","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00724","scoring_system":"epss","scoring_elements":"0.72558","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.72795","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.72799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.72819","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.72792","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.72833","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.72847","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20847"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728509","reference_id":"1728509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728509"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931294","reference_id":"931294","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4251","reference_id":"RHSA-2021:4251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4251"},{"reference_url":"https://usn.ubuntu.com/4497-1/","reference_id":"USN-4497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4497-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/933744?format=json","purl":"pkg:deb/debian/openjpeg2@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933734?format=json","purl":"pkg:deb/debian/openjpeg2@2.4.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.4.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933732?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.0-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.0-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933736?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933735?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20847"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvjg-5z4m-pqdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40224?format=json","vulnerability_id":"VCID-yb58-a8p7-v7dw","summary":"Multiple vulnerabilities have been found in OpenJPEG, the worst of\n    which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21010.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21010.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21010","reference_id":"","reference_type":"","scores":[{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74768","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74899","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74882","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74889","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74893","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74771","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74798","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74772","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74805","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74819","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74843","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74822","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74812","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74848","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74855","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74846","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21010"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00009.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00009.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1755769","reference_id":"1755769","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1755769"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939553","reference_id":"939553","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939553"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-21010","reference_id":"CVE-2018-21010","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-21010"},{"reference_url":"https://security.gentoo.org/glsa/202101-29","reference_id":"GLSA-202101-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-29"},{"reference_url":"https://usn.ubuntu.com/4497-1/","reference_id":"USN-4497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4497-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/933744?format=json","purl":"pkg:deb/debian/openjpeg2@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933734?format=json","purl":"pkg:deb/debian/openjpeg2@2.4.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.4.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933732?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.0-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.0-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933736?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933735?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-21010"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yb58-a8p7-v7dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93803?format=json","vulnerability_id":"VCID-z1a1-p95p-sya2","summary":"An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7648","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68265","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68284","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68305","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68281","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68332","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68349","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68362","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68329","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68369","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68382","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68408","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68413","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68417","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68394","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7648"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7648","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7648"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/933744?format=json","purl":"pkg:deb/debian/openjpeg2@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933734?format=json","purl":"pkg:deb/debian/openjpeg2@2.4.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.4.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933732?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.0-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.0-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933736?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933735?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-7648"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1a1-p95p-sya2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83180?format=json","vulnerability_id":"VCID-zz9f-brcy-ekdy","summary":"openjpeg: Heap-based buffer overflow in pnmtoimage function in bin/jpwl/convert.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16375.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16375","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61488","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61563","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61592","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61625","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61646","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61635","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61724","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61787","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61792","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61775","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.6177","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.61781","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16375"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626088","reference_id":"1626088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626088"},{"reference_url":"https://usn.ubuntu.com/USN-4782-1/","reference_id":"USN-USN-4782-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4782-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/933744?format=json","purl":"pkg:deb/debian/openjpeg2@2.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933734?format=json","purl":"pkg:deb/debian/openjpeg2@2.4.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.4.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933732?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.0-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.0-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933736?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.3-2.1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933735?format=json","purl":"pkg:deb/debian/openjpeg2@2.5.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.5.4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-16375"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zz9f-brcy-ekdy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openjpeg2@2.3.1-1%3Fdistro=trixie"}