Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/exiv2@0?distro=trixie
Typedeb
Namespacedebian
Nameexiv2
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version0.9
Latest_non_vulnerable_version0.28.8+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1h73-a2by-p3bu
vulnerability_id VCID-1h73-a2by-p3bu
summary Exiv2 0.26 contains a heap buffer overflow in tiff parser
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000127.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000127.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000127
reference_id
reference_type
scores
0
value 0.00357
scoring_system epss
scoring_elements 0.58198
published_at 2026-06-04T12:55:00Z
1
value 0.00357
scoring_system epss
scoring_elements 0.58229
published_at 2026-06-08T12:55:00Z
2
value 0.00357
scoring_system epss
scoring_elements 0.58255
published_at 2026-06-06T12:55:00Z
3
value 0.00357
scoring_system epss
scoring_elements 0.58244
published_at 2026-06-07T12:55:00Z
4
value 0.00357
scoring_system epss
scoring_elements 0.58247
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000127
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url http://www.openwall.com/lists/oss-security/2017/06/30/1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://www.openwall.com/lists/oss-security/2017/06/30/1
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1524426
reference_id 1524426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1524426
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-1000127, PYSEC-2017-116
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1h73-a2by-p3bu
1
url VCID-23h9-admu-dybh
vulnerability_id VCID-23h9-admu-dybh
summary There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14858.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14858.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14858
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51016
published_at 2026-06-04T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.51049
published_at 2026-06-09T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.51061
published_at 2026-06-07T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.5103
published_at 2026-06-08T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.51077
published_at 2026-06-05T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.51083
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14858
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1494782
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1494782
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500307
reference_id 1500307
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500307
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-14858, PYSEC-2017-131
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-23h9-admu-dybh
2
url VCID-3a29-r3ds-9kgf
vulnerability_id VCID-3a29-r3ds-9kgf
summary The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10772.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10772.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10772
reference_id
reference_type
scores
0
value 0.00563
scoring_system epss
scoring_elements 0.6874
published_at 2026-06-04T12:55:00Z
1
value 0.00563
scoring_system epss
scoring_elements 0.6878
published_at 2026-06-05T12:55:00Z
2
value 0.00563
scoring_system epss
scoring_elements 0.68789
published_at 2026-06-06T12:55:00Z
3
value 0.00563
scoring_system epss
scoring_elements 0.68781
published_at 2026-06-07T12:55:00Z
4
value 0.00563
scoring_system epss
scoring_elements 0.68766
published_at 2026-06-08T12:55:00Z
5
value 0.00563
scoring_system epss
scoring_elements 0.68785
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10772
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1594627
reference_id 1594627
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1594627
4
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-10772
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3a29-r3ds-9kgf
3
url VCID-4f4g-anr8-b3h4
vulnerability_id VCID-4f4g-anr8-b3h4
summary There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11592.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11592.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11592
reference_id
reference_type
scores
0
value 0.01065
scoring_system epss
scoring_elements 0.7806
published_at 2026-06-09T12:55:00Z
1
value 0.01065
scoring_system epss
scoring_elements 0.78064
published_at 2026-06-06T12:55:00Z
2
value 0.01065
scoring_system epss
scoring_elements 0.78054
published_at 2026-06-07T12:55:00Z
3
value 0.01065
scoring_system epss
scoring_elements 0.78042
published_at 2026-06-08T12:55:00Z
4
value 0.01065
scoring_system epss
scoring_elements 0.7803
published_at 2026-06-04T12:55:00Z
5
value 0.01065
scoring_system epss
scoring_elements 0.78058
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11592
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1473889
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1473889
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1475727
reference_id 1475727
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1475727
5
reference_url https://security.archlinux.org/AVG-360
reference_id AVG-360
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-360
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-11592, PYSEC-2017-125
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4f4g-anr8-b3h4
4
url VCID-6ev6-pu6d-qkbx
vulnerability_id VCID-6ev6-pu6d-qkbx
summary In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8977.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8977.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8977
reference_id
reference_type
scores
0
value 0.00339
scoring_system epss
scoring_elements 0.56915
published_at 2026-06-04T12:55:00Z
1
value 0.00339
scoring_system epss
scoring_elements 0.56946
published_at 2026-06-08T12:55:00Z
2
value 0.00339
scoring_system epss
scoring_elements 0.56966
published_at 2026-06-05T12:55:00Z
3
value 0.00339
scoring_system epss
scoring_elements 0.56961
published_at 2026-06-07T12:55:00Z
4
value 0.00339
scoring_system epss
scoring_elements 0.56973
published_at 2026-06-06T12:55:00Z
5
value 0.00339
scoring_system epss
scoring_elements 0.56964
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8977
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/247
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/247
5
reference_url https://security.gentoo.org/glsa/201811-14
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://security.gentoo.org/glsa/201811-14
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1561217
reference_id 1561217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1561217
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-8977, PYSEC-2018-147
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ev6-pu6d-qkbx
5
url VCID-7379-a4b1-47gg
vulnerability_id VCID-7379-a4b1-47gg
summary There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14866.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14866.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14866
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51016
published_at 2026-06-04T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.51049
published_at 2026-06-09T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.51061
published_at 2026-06-07T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.5103
published_at 2026-06-08T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.51077
published_at 2026-06-05T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.51083
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14866
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1494781
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1494781
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500310
reference_id 1500310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500310
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-14866, PYSEC-2017-139
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7379-a4b1-47gg
6
url VCID-93u1-y2t9-ube3
vulnerability_id VCID-93u1-y2t9-ube3
summary Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14046.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14046.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14046
reference_id
reference_type
scores
0
value 0.00376
scoring_system epss
scoring_elements 0.59542
published_at 2026-06-09T12:55:00Z
1
value 0.00376
scoring_system epss
scoring_elements 0.59499
published_at 2026-06-04T12:55:00Z
2
value 0.00376
scoring_system epss
scoring_elements 0.59543
published_at 2026-06-07T12:55:00Z
3
value 0.00376
scoring_system epss
scoring_elements 0.59524
published_at 2026-06-08T12:55:00Z
4
value 0.00376
scoring_system epss
scoring_elements 0.59549
published_at 2026-06-05T12:55:00Z
5
value 0.00376
scoring_system epss
scoring_elements 0.59552
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14046
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/378
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://github.com/Exiv2/exiv2/issues/378
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1601628
reference_id 1601628
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1601628
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-14046, PYSEC-2018-133
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93u1-y2t9-ube3
7
url VCID-97m5-gar1-tka7
vulnerability_id VCID-97m5-gar1-tka7
summary There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11339.json
reference_id
reference_type
scores
0
value 4.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11339.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11339
reference_id
reference_type
scores
0
value 0.00664
scoring_system epss
scoring_elements 0.71591
published_at 2026-06-04T12:55:00Z
1
value 0.00664
scoring_system epss
scoring_elements 0.71636
published_at 2026-06-05T12:55:00Z
2
value 0.00664
scoring_system epss
scoring_elements 0.71642
published_at 2026-06-06T12:55:00Z
3
value 0.00664
scoring_system epss
scoring_elements 0.71618
published_at 2026-06-07T12:55:00Z
4
value 0.00664
scoring_system epss
scoring_elements 0.71604
published_at 2026-06-08T12:55:00Z
5
value 0.00664
scoring_system epss
scoring_elements 0.71625
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11339
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1470946
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1470946
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1474329
reference_id 1474329
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1474329
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-11339, PYSEC-2017-121
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-97m5-gar1-tka7
8
url VCID-ad6d-tcus-8uhx
vulnerability_id VCID-ad6d-tcus-8uhx
summary Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17230.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17230.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17230
reference_id
reference_type
scores
0
value 0.00547
scoring_system epss
scoring_elements 0.68234
published_at 2026-06-09T12:55:00Z
1
value 0.00547
scoring_system epss
scoring_elements 0.68193
published_at 2026-06-04T12:55:00Z
2
value 0.00547
scoring_system epss
scoring_elements 0.6824
published_at 2026-06-06T12:55:00Z
3
value 0.00547
scoring_system epss
scoring_elements 0.68217
published_at 2026-06-08T12:55:00Z
4
value 0.00547
scoring_system epss
scoring_elements 0.68232
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17230
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/455
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/455
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632484
reference_id 1632484
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632484
6
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-17230, PYSEC-2018-137
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6d-tcus-8uhx
9
url VCID-ad6q-hs4w-8bhe
vulnerability_id VCID-ad6q-hs4w-8bhe
summary There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20099.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20099.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20099
reference_id
reference_type
scores
0
value 0.00868
scoring_system epss
scoring_elements 0.75558
published_at 2026-06-09T12:55:00Z
1
value 0.00868
scoring_system epss
scoring_elements 0.75552
published_at 2026-06-05T12:55:00Z
2
value 0.00868
scoring_system epss
scoring_elements 0.75556
published_at 2026-06-06T12:55:00Z
3
value 0.00868
scoring_system epss
scoring_elements 0.75546
published_at 2026-06-07T12:55:00Z
4
value 0.00868
scoring_system epss
scoring_elements 0.75532
published_at 2026-06-08T12:55:00Z
5
value 0.00868
scoring_system epss
scoring_elements 0.75524
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20099
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/590
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/590
5
reference_url https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1660426
reference_id 1660426
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1660426
8
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-20099, PYSEC-2018-120
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6q-hs4w-8bhe
10
url VCID-bgbt-u9hf-2ycm
vulnerability_id VCID-bgbt-u9hf-2ycm
summary multiple issues
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17724.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17724.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17724
reference_id
reference_type
scores
0
value 0.00448
scoring_system epss
scoring_elements 0.63919
published_at 2026-06-09T12:55:00Z
1
value 0.00448
scoring_system epss
scoring_elements 0.63872
published_at 2026-06-04T12:55:00Z
2
value 0.00448
scoring_system epss
scoring_elements 0.63914
published_at 2026-06-05T12:55:00Z
3
value 0.00448
scoring_system epss
scoring_elements 0.63921
published_at 2026-06-06T12:55:00Z
4
value 0.00448
scoring_system epss
scoring_elements 0.63912
published_at 2026-06-07T12:55:00Z
5
value 0.00448
scoring_system epss
scoring_elements 0.63899
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17724
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1524107
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1524107
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/Exiv2/exiv2/issues/263
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/263
6
reference_url https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md
7
reference_url https://security.gentoo.org/glsa/201811-14
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://security.gentoo.org/glsa/201811-14
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1545237
reference_id 1545237
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1545237
9
reference_url https://security.archlinux.org/AVG-614
reference_id AVG-614
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-614
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-17724, PYSEC-2018-123
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbt-u9hf-2ycm
11
url VCID-bm2u-9ce9-wyc3
vulnerability_id VCID-bm2u-9ce9-wyc3
summary In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9305.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9305.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9305
reference_id
reference_type
scores
0
value 0.00575
scoring_system epss
scoring_elements 0.69141
published_at 2026-06-04T12:55:00Z
1
value 0.00575
scoring_system epss
scoring_elements 0.69181
published_at 2026-06-07T12:55:00Z
2
value 0.00575
scoring_system epss
scoring_elements 0.69184
published_at 2026-06-09T12:55:00Z
3
value 0.00575
scoring_system epss
scoring_elements 0.69189
published_at 2026-06-06T12:55:00Z
4
value 0.00575
scoring_system epss
scoring_elements 0.69165
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9305
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566735
reference_id 1566735
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566735
4
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-9305
risk_score 2.0
exploitability 0.5
weighted_severity 4.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bm2u-9ce9-wyc3
12
url VCID-bmer-9dca-g7ff
vulnerability_id VCID-bmer-9dca-g7ff
summary 
Exiv2 allows Use After Free
A heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file.

Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26623.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26623.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26623
reference_id
reference_type
scores
0
value 0.01101
scoring_system epss
scoring_elements 0.78428
published_at 2026-06-06T12:55:00Z
1
value 0.01101
scoring_system epss
scoring_elements 0.78423
published_at 2026-06-09T12:55:00Z
2
value 0.01101
scoring_system epss
scoring_elements 0.78419
published_at 2026-06-05T12:55:00Z
3
value 0.01101
scoring_system epss
scoring_elements 0.78405
published_at 2026-06-08T12:55:00Z
4
value 0.01101
scoring_system epss
scoring_elements 0.78418
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26623
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/Exiv2/exiv2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Exiv2/exiv2
4
reference_url https://github.com/Exiv2/exiv2/issues/3168
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:53:08Z/
url https://github.com/Exiv2/exiv2/issues/3168
5
reference_url https://github.com/Exiv2/exiv2/pull/3174
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Exiv2/exiv2/pull/3174
6
reference_url https://github.com/jim-easterbrook/python-exiv2/commit/4cc875e392f9e0bc705fe03d929b9a382b78dae4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jim-easterbrook/python-exiv2/commit/4cc875e392f9e0bc705fe03d929b9a382b78dae4
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098323
reference_id 1098323
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098323
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2346345
reference_id 2346345
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2346345
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26623
reference_id CVE-2025-26623
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26623
10
reference_url https://github.com/advisories/GHSA-38h4-fx85-qcx7
reference_id GHSA-38h4-fx85-qcx7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38h4-fx85-qcx7
11
reference_url https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7
reference_id GHSA-38h4-fx85-qcx7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:53:08Z/
url https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7
12
reference_url https://access.redhat.com/errata/RHSA-2025:7457
reference_id RHSA-2025:7457
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7457
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.4%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/exiv2@0.28.4%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.4%252Bdfsg-2%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-26623, GHSA-38h4-fx85-qcx7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmer-9dca-g7ff
13
url VCID-cka9-nwgq-4qep
vulnerability_id VCID-cka9-nwgq-4qep
summary There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11340.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11340.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11340
reference_id
reference_type
scores
0
value 0.01388
scoring_system epss
scoring_elements 0.80672
published_at 2026-06-04T12:55:00Z
1
value 0.01388
scoring_system epss
scoring_elements 0.80699
published_at 2026-06-05T12:55:00Z
2
value 0.01388
scoring_system epss
scoring_elements 0.80701
published_at 2026-06-06T12:55:00Z
3
value 0.01388
scoring_system epss
scoring_elements 0.80697
published_at 2026-06-07T12:55:00Z
4
value 0.01388
scoring_system epss
scoring_elements 0.80694
published_at 2026-06-08T12:55:00Z
5
value 0.01388
scoring_system epss
scoring_elements 0.80713
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11340
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1470950
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1470950
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1474334
reference_id 1474334
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1474334
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-11340, PYSEC-2017-122
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cka9-nwgq-4qep
14
url VCID-cu7e-4mjv-k7dc
vulnerability_id VCID-cu7e-4mjv-k7dc
summary In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9145.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9145.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9145
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57648
published_at 2026-06-09T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57644
published_at 2026-06-05T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57652
published_at 2026-06-06T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57643
published_at 2026-06-07T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.5763
published_at 2026-06-08T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57591
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9145
2
reference_url https://bugzilla.novell.com/show_bug.cgi?id=1087879
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.novell.com/show_bug.cgi?id=1087879
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1564281
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1564281
4
reference_url https://github.com/xiaoqx/pocs/tree/master/exiv2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/xiaoqx/pocs/tree/master/exiv2
5
reference_url https://security.gentoo.org/glsa/201811-14
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://security.gentoo.org/glsa/201811-14
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-9145, PYSEC-2018-148
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cu7e-4mjv-k7dc
15
url VCID-e3h8-bw1t-jbhj
vulnerability_id VCID-e3h8-bw1t-jbhj
summary There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9953.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9953.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9953
reference_id
reference_type
scores
0
value 0.00656
scoring_system epss
scoring_elements 0.71393
published_at 2026-06-04T12:55:00Z
1
value 0.00656
scoring_system epss
scoring_elements 0.71437
published_at 2026-06-05T12:55:00Z
2
value 0.00656
scoring_system epss
scoring_elements 0.71443
published_at 2026-06-06T12:55:00Z
3
value 0.00656
scoring_system epss
scoring_elements 0.7142
published_at 2026-06-07T12:55:00Z
4
value 0.00656
scoring_system epss
scoring_elements 0.71405
published_at 2026-06-08T12:55:00Z
5
value 0.00656
scoring_system epss
scoring_elements 0.71429
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9953
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1465061
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1465061
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1469769
reference_id 1469769
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1469769
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-9953, PYSEC-2017-142
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3h8-bw1t-jbhj
16
url VCID-eenj-tdpp-aqam
vulnerability_id VCID-eenj-tdpp-aqam
summary In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14857.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14857.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14857
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49643
published_at 2026-06-04T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49706
published_at 2026-06-05T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49716
published_at 2026-06-06T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49699
published_at 2026-06-07T12:55:00Z
4
value 0.00261
scoring_system epss
scoring_elements 0.49669
published_at 2026-06-08T12:55:00Z
5
value 0.00261
scoring_system epss
scoring_elements 0.49685
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14857
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1495043
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1495043
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500306
reference_id 1500306
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500306
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-14857, PYSEC-2017-130
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eenj-tdpp-aqam
17
url VCID-embr-qynr-jkb3
vulnerability_id VCID-embr-qynr-jkb3
summary Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44398.json
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44398.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-44398
reference_id
reference_type
scores
0
value 0.00645
scoring_system epss
scoring_elements 0.71111
published_at 2026-06-05T12:55:00Z
1
value 0.00645
scoring_system epss
scoring_elements 0.71087
published_at 2026-06-08T12:55:00Z
2
value 0.00645
scoring_system epss
scoring_elements 0.71101
published_at 2026-06-07T12:55:00Z
3
value 0.00645
scoring_system epss
scoring_elements 0.71118
published_at 2026-06-06T12:55:00Z
4
value 0.00645
scoring_system epss
scoring_elements 0.71112
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-44398
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:14:54Z/
url https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5
4
reference_url https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:14:54Z/
url https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2248428
reference_id 2248428
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2248428
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2023-44398, GHSA-hrw9-ggg3-3r4r, PYSEC-2023-233
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-embr-qynr-jkb3
18
url VCID-fmhz-da2z-hyau
vulnerability_id VCID-fmhz-da2z-hyau
summary An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17282.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17282.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17282
reference_id
reference_type
scores
0
value 0.00527
scoring_system epss
scoring_elements 0.67497
published_at 2026-06-09T12:55:00Z
1
value 0.00527
scoring_system epss
scoring_elements 0.67462
published_at 2026-06-04T12:55:00Z
2
value 0.00527
scoring_system epss
scoring_elements 0.67498
published_at 2026-06-07T12:55:00Z
3
value 0.00527
scoring_system epss
scoring_elements 0.67482
published_at 2026-06-08T12:55:00Z
4
value 0.00527
scoring_system epss
scoring_elements 0.67503
published_at 2026-06-05T12:55:00Z
5
value 0.00527
scoring_system epss
scoring_elements 0.6751
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17282
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/Exiv2/exiv2/issues/457
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/457
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632490
reference_id 1632490
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632490
7
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-17282, PYSEC-2018-138
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmhz-da2z-hyau
19
url VCID-fra4-1eda-tfew
vulnerability_id VCID-fra4-1eda-tfew
summary Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000128.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000128.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000128
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53545
published_at 2026-06-04T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53575
published_at 2026-06-08T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53612
published_at 2026-06-06T12:55:00Z
3
value 0.00299
scoring_system epss
scoring_elements 0.53599
published_at 2026-06-09T12:55:00Z
4
value 0.00299
scoring_system epss
scoring_elements 0.53603
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000128
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url http://www.openwall.com/lists/oss-security/2017/06/30/1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://www.openwall.com/lists/oss-security/2017/06/30/1
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1524427
reference_id 1524427
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1524427
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-1000128, PYSEC-2017-117
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fra4-1eda-tfew
20
url VCID-fycx-5cnk-4ba1
vulnerability_id VCID-fycx-5cnk-4ba1
summary There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12955.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12955.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12955
reference_id
reference_type
scores
0
value 0.01121
scoring_system epss
scoring_elements 0.78588
published_at 2026-06-04T12:55:00Z
1
value 0.01121
scoring_system epss
scoring_elements 0.78615
published_at 2026-06-05T12:55:00Z
2
value 0.01121
scoring_system epss
scoring_elements 0.78623
published_at 2026-06-06T12:55:00Z
3
value 0.01121
scoring_system epss
scoring_elements 0.78614
published_at 2026-06-07T12:55:00Z
4
value 0.01121
scoring_system epss
scoring_elements 0.78602
published_at 2026-06-08T12:55:00Z
5
value 0.01121
scoring_system epss
scoring_elements 0.7862
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12955
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1482295
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1482295
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1487207
reference_id 1487207
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1487207
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-12955, PYSEC-2017-127
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fycx-5cnk-4ba1
21
url VCID-hbf6-amz5-cycv
vulnerability_id VCID-hbf6-amz5-cycv
summary Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39695.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39695.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39695
reference_id
reference_type
scores
0
value 0.00144
scoring_system epss
scoring_elements 0.34502
published_at 2026-06-09T12:55:00Z
1
value 0.00144
scoring_system epss
scoring_elements 0.34543
published_at 2026-06-05T12:55:00Z
2
value 0.00144
scoring_system epss
scoring_elements 0.34559
published_at 2026-06-06T12:55:00Z
3
value 0.00144
scoring_system epss
scoring_elements 0.34524
published_at 2026-06-07T12:55:00Z
4
value 0.00144
scoring_system epss
scoring_elements 0.34482
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39695
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2296343
reference_id 2296343
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2296343
4
reference_url https://github.com/Exiv2/exiv2/pull/3006
reference_id 3006
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/
url https://github.com/Exiv2/exiv2/pull/3006
5
reference_url https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387
reference_id 3a28346db5ae1735a8728fe3491b0aecc1dbf387
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/
url https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387
6
reference_url https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh
reference_id GHSA-38rv-8x93-pvrh
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/
url https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh
7
reference_url https://security.gentoo.org/glsa/202603-01
reference_id GLSA-202603-01
reference_type
scores
url https://security.gentoo.org/glsa/202603-01
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-39695
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbf6-amz5-cycv
22
url VCID-hwjj-wq2h-6uez
vulnerability_id VCID-hwjj-wq2h-6uez
summary There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12956.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12956.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12956
reference_id
reference_type
scores
0
value 0.01065
scoring_system epss
scoring_elements 0.7803
published_at 2026-06-04T12:55:00Z
1
value 0.01065
scoring_system epss
scoring_elements 0.78058
published_at 2026-06-05T12:55:00Z
2
value 0.01065
scoring_system epss
scoring_elements 0.78064
published_at 2026-06-06T12:55:00Z
3
value 0.01065
scoring_system epss
scoring_elements 0.78054
published_at 2026-06-07T12:55:00Z
4
value 0.01065
scoring_system epss
scoring_elements 0.78042
published_at 2026-06-08T12:55:00Z
5
value 0.01065
scoring_system epss
scoring_elements 0.7806
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12956
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1482296
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1482296
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1487208
reference_id 1487208
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1487208
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-12956, PYSEC-2017-128
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwjj-wq2h-6uez
23
url VCID-j896-jqs5-hfau
vulnerability_id VCID-j896-jqs5-hfau
summary There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11337.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11337.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11337
reference_id
reference_type
scores
0
value 0.01388
scoring_system epss
scoring_elements 0.80672
published_at 2026-06-04T12:55:00Z
1
value 0.01388
scoring_system epss
scoring_elements 0.80699
published_at 2026-06-05T12:55:00Z
2
value 0.01388
scoring_system epss
scoring_elements 0.80701
published_at 2026-06-06T12:55:00Z
3
value 0.01388
scoring_system epss
scoring_elements 0.80697
published_at 2026-06-07T12:55:00Z
4
value 0.01388
scoring_system epss
scoring_elements 0.80694
published_at 2026-06-08T12:55:00Z
5
value 0.01388
scoring_system epss
scoring_elements 0.80713
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11337
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1470737
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1470737
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1474319
reference_id 1474319
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1474319
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-11337, PYSEC-2017-119
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j896-jqs5-hfau
24
url VCID-jd2z-aqhw-9ud6
vulnerability_id VCID-jd2z-aqhw-9ud6
summary There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11338.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11338.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11338
reference_id
reference_type
scores
0
value 0.01065
scoring_system epss
scoring_elements 0.7803
published_at 2026-06-04T12:55:00Z
1
value 0.01065
scoring_system epss
scoring_elements 0.7806
published_at 2026-06-09T12:55:00Z
2
value 0.01065
scoring_system epss
scoring_elements 0.78064
published_at 2026-06-06T12:55:00Z
3
value 0.01065
scoring_system epss
scoring_elements 0.78054
published_at 2026-06-07T12:55:00Z
4
value 0.01065
scoring_system epss
scoring_elements 0.78042
published_at 2026-06-08T12:55:00Z
5
value 0.01065
scoring_system epss
scoring_elements 0.78058
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11338
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1470913
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1470913
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:C
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1474325
reference_id 1474325
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1474325
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-11338, PYSEC-2017-120
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jd2z-aqhw-9ud6
25
url VCID-jmv4-wvpq-cbfk
vulnerability_id VCID-jmv4-wvpq-cbfk
summary In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9304.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9304
reference_id
reference_type
scores
0
value 0.00455
scoring_system epss
scoring_elements 0.64157
published_at 2026-06-04T12:55:00Z
1
value 0.00455
scoring_system epss
scoring_elements 0.64201
published_at 2026-06-05T12:55:00Z
2
value 0.00455
scoring_system epss
scoring_elements 0.64209
published_at 2026-06-06T12:55:00Z
3
value 0.00455
scoring_system epss
scoring_elements 0.64199
published_at 2026-06-07T12:55:00Z
4
value 0.00455
scoring_system epss
scoring_elements 0.64186
published_at 2026-06-08T12:55:00Z
5
value 0.00455
scoring_system epss
scoring_elements 0.64206
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9304
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566731
reference_id 1566731
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566731
4
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-9304
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jmv4-wvpq-cbfk
26
url VCID-kjcd-gdds-83ed
vulnerability_id VCID-kjcd-gdds-83ed
summary In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9303.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9303.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-9303
reference_id
reference_type
scores
0
value 0.00433
scoring_system epss
scoring_elements 0.6306
published_at 2026-06-04T12:55:00Z
1
value 0.00433
scoring_system epss
scoring_elements 0.63104
published_at 2026-06-05T12:55:00Z
2
value 0.00433
scoring_system epss
scoring_elements 0.63112
published_at 2026-06-06T12:55:00Z
3
value 0.00433
scoring_system epss
scoring_elements 0.63102
published_at 2026-06-07T12:55:00Z
4
value 0.00433
scoring_system epss
scoring_elements 0.63089
published_at 2026-06-08T12:55:00Z
5
value 0.00433
scoring_system epss
scoring_elements 0.63106
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-9303
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566725
reference_id 1566725
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566725
4
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-9303
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjcd-gdds-83ed
27
url VCID-nfsr-y727-xfdr
vulnerability_id VCID-nfsr-y727-xfdr
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17722.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17722.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17722
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53647
published_at 2026-06-04T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53715
published_at 2026-06-06T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53702
published_at 2026-06-09T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.53678
published_at 2026-06-08T12:55:00Z
4
value 0.003
scoring_system epss
scoring_elements 0.53706
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17722
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1524116
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1524116
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1545246
reference_id 1545246
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1545246
5
reference_url https://security.archlinux.org/AVG-614
reference_id AVG-614
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-614
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-17722, PYSEC-2018-121
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfsr-y727-xfdr
28
url VCID-njc6-a4sc-73d7
vulnerability_id VCID-njc6-a4sc-73d7
summary A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13111.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13111.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13111
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50942
published_at 2026-06-04T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.51004
published_at 2026-06-05T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.51009
published_at 2026-06-06T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50989
published_at 2026-06-07T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50959
published_at 2026-06-08T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50976
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13111
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1728488
reference_id 1728488
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1728488
4
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2019-13111
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njc6-a4sc-73d7
29
url VCID-nxmk-4qat-ryaz
vulnerability_id VCID-nxmk-4qat-ryaz
summary There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11553.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11553.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11553
reference_id
reference_type
scores
0
value 0.01065
scoring_system epss
scoring_elements 0.7806
published_at 2026-06-09T12:55:00Z
1
value 0.01065
scoring_system epss
scoring_elements 0.78064
published_at 2026-06-06T12:55:00Z
2
value 0.01065
scoring_system epss
scoring_elements 0.78054
published_at 2026-06-07T12:55:00Z
3
value 0.01065
scoring_system epss
scoring_elements 0.78042
published_at 2026-06-08T12:55:00Z
4
value 0.01065
scoring_system epss
scoring_elements 0.7803
published_at 2026-06-04T12:55:00Z
5
value 0.01065
scoring_system epss
scoring_elements 0.78058
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11553
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1471772
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1471772
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1475368
reference_id 1475368
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1475368
5
reference_url https://security.archlinux.org/AVG-360
reference_id AVG-360
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-360
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-11553, PYSEC-2017-123
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxmk-4qat-ryaz
30
url VCID-qfz8-jkrd-cyag
vulnerability_id VCID-qfz8-jkrd-cyag
summary There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14860.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14860.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14860
reference_id
reference_type
scores
0
value 0.00298
scoring_system epss
scoring_elements 0.5343
published_at 2026-06-04T12:55:00Z
1
value 0.00298
scoring_system epss
scoring_elements 0.5349
published_at 2026-06-05T12:55:00Z
2
value 0.00298
scoring_system epss
scoring_elements 0.53499
published_at 2026-06-06T12:55:00Z
3
value 0.00298
scoring_system epss
scoring_elements 0.53482
published_at 2026-06-07T12:55:00Z
4
value 0.00298
scoring_system epss
scoring_elements 0.53457
published_at 2026-06-08T12:55:00Z
5
value 0.00298
scoring_system epss
scoring_elements 0.5348
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14860
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1494776
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1494776
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500316
reference_id 1500316
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500316
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-14860, PYSEC-2017-133
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qfz8-jkrd-cyag
31
url VCID-qhsp-b3au-qyfm
vulnerability_id VCID-qhsp-b3au-qyfm
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17723.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17723.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17723
reference_id
reference_type
scores
0
value 0.0061
scoring_system epss
scoring_elements 0.70208
published_at 2026-06-09T12:55:00Z
1
value 0.0061
scoring_system epss
scoring_elements 0.70214
published_at 2026-06-06T12:55:00Z
2
value 0.0061
scoring_system epss
scoring_elements 0.70197
published_at 2026-06-07T12:55:00Z
3
value 0.0061
scoring_system epss
scoring_elements 0.70163
published_at 2026-06-04T12:55:00Z
4
value 0.0061
scoring_system epss
scoring_elements 0.70185
published_at 2026-06-08T12:55:00Z
5
value 0.0061
scoring_system epss
scoring_elements 0.70205
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17723
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1524104
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1524104
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://security.gentoo.org/glsa/201811-14
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
url https://security.gentoo.org/glsa/201811-14
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1545249
reference_id 1545249
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1545249
6
reference_url https://security.archlinux.org/AVG-614
reference_id AVG-614
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-614
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-17723, PYSEC-2018-122
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsp-b3au-qyfm
32
url VCID-qkk8-uyc3-dkdv
vulnerability_id VCID-qkk8-uyc3-dkdv
summary There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12957.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12957.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12957
reference_id
reference_type
scores
0
value 0.01065
scoring_system epss
scoring_elements 0.7803
published_at 2026-06-04T12:55:00Z
1
value 0.01065
scoring_system epss
scoring_elements 0.7806
published_at 2026-06-09T12:55:00Z
2
value 0.01065
scoring_system epss
scoring_elements 0.78064
published_at 2026-06-06T12:55:00Z
3
value 0.01065
scoring_system epss
scoring_elements 0.78054
published_at 2026-06-07T12:55:00Z
4
value 0.01065
scoring_system epss
scoring_elements 0.78042
published_at 2026-06-08T12:55:00Z
5
value 0.01065
scoring_system epss
scoring_elements 0.78058
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12957
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1482423
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1482423
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1487210
reference_id 1487210
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1487210
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-12957, PYSEC-2017-129
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qkk8-uyc3-dkdv
33
url VCID-rwpd-cchu-bbh4
vulnerability_id VCID-rwpd-cchu-bbh4
summary Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14368.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14368.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14368
reference_id
reference_type
scores
0
value 0.00254
scoring_system epss
scoring_elements 0.48919
published_at 2026-06-04T12:55:00Z
1
value 0.00254
scoring_system epss
scoring_elements 0.48955
published_at 2026-06-09T12:55:00Z
2
value 0.00254
scoring_system epss
scoring_elements 0.48972
published_at 2026-06-07T12:55:00Z
3
value 0.00254
scoring_system epss
scoring_elements 0.48941
published_at 2026-06-08T12:55:00Z
4
value 0.00254
scoring_system epss
scoring_elements 0.48981
published_at 2026-06-05T12:55:00Z
5
value 0.00254
scoring_system epss
scoring_elements 0.4899
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14368
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/Exiv2/exiv2/issues/952
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://github.com/Exiv2/exiv2/issues/952
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1747229
reference_id 1747229
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1747229
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2019-14368, PYSEC-2019-244
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rwpd-cchu-bbh4
34
url VCID-tae2-z12a-8kbq
vulnerability_id VCID-tae2-z12a-8kbq
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17725.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17725.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17725
reference_id
reference_type
scores
0
value 0.00563
scoring_system epss
scoring_elements 0.68785
published_at 2026-06-09T12:55:00Z
1
value 0.00563
scoring_system epss
scoring_elements 0.68789
published_at 2026-06-06T12:55:00Z
2
value 0.00563
scoring_system epss
scoring_elements 0.68781
published_at 2026-06-07T12:55:00Z
3
value 0.00563
scoring_system epss
scoring_elements 0.6874
published_at 2026-06-04T12:55:00Z
4
value 0.00563
scoring_system epss
scoring_elements 0.68766
published_at 2026-06-08T12:55:00Z
5
value 0.00563
scoring_system epss
scoring_elements 0.6878
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17725
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1525055
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1525055
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/188
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/188
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1545232
reference_id 1545232
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1545232
6
reference_url https://security.archlinux.org/AVG-614
reference_id AVG-614
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-614
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-17725, PYSEC-2018-124
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tae2-z12a-8kbq
35
url VCID-tc49-j8nx-4bas
vulnerability_id VCID-tc49-j8nx-4bas
summary A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14863.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14863.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14863
reference_id
reference_type
scores
0
value 0.00278
scoring_system epss
scoring_elements 0.51467
published_at 2026-06-04T12:55:00Z
1
value 0.00278
scoring_system epss
scoring_elements 0.51528
published_at 2026-06-05T12:55:00Z
2
value 0.00278
scoring_system epss
scoring_elements 0.51534
published_at 2026-06-06T12:55:00Z
3
value 0.00278
scoring_system epss
scoring_elements 0.51512
published_at 2026-06-07T12:55:00Z
4
value 0.00278
scoring_system epss
scoring_elements 0.51478
published_at 2026-06-08T12:55:00Z
5
value 0.00278
scoring_system epss
scoring_elements 0.51498
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14863
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1494443
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1494443
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500319
reference_id 1500319
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500319
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-14863, PYSEC-2017-136
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc49-j8nx-4bas
36
url VCID-tv8d-va4r-1uc3
vulnerability_id VCID-tv8d-va4r-1uc3
summary Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10780.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10780.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10780
reference_id
reference_type
scores
0
value 0.00238
scoring_system epss
scoring_elements 0.47062
published_at 2026-06-09T12:55:00Z
1
value 0.00238
scoring_system epss
scoring_elements 0.47081
published_at 2026-06-07T12:55:00Z
2
value 0.00238
scoring_system epss
scoring_elements 0.47051
published_at 2026-06-08T12:55:00Z
3
value 0.00238
scoring_system epss
scoring_elements 0.4703
published_at 2026-06-04T12:55:00Z
4
value 0.00238
scoring_system epss
scoring_elements 0.47095
published_at 2026-06-05T12:55:00Z
5
value 0.00238
scoring_system epss
scoring_elements 0.47098
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10780
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1575201
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1575201
3
reference_url https://security.gentoo.org/glsa/201811-14
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://security.gentoo.org/glsa/201811-14
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1577319
reference_id 1577319
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1577319
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-10780, PYSEC-2018-125
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tv8d-va4r-1uc3
37
url VCID-us67-ewt7-bfh5
vulnerability_id VCID-us67-ewt7-bfh5
summary Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17229.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17229.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17229
reference_id
reference_type
scores
0
value 0.00547
scoring_system epss
scoring_elements 0.68234
published_at 2026-06-09T12:55:00Z
1
value 0.00547
scoring_system epss
scoring_elements 0.68193
published_at 2026-06-04T12:55:00Z
2
value 0.00547
scoring_system epss
scoring_elements 0.6824
published_at 2026-06-06T12:55:00Z
3
value 0.00547
scoring_system epss
scoring_elements 0.68217
published_at 2026-06-08T12:55:00Z
4
value 0.00547
scoring_system epss
scoring_elements 0.68232
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17229
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/453
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/453
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1632481
reference_id 1632481
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1632481
6
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-17229, PYSEC-2018-136
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-us67-ewt7-bfh5
38
url VCID-v1yg-wf6x-a7gq
vulnerability_id VCID-v1yg-wf6x-a7gq
summary exiv2 0.26 contains a Stack out of bounds read in webp parser
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000126.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000126.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000126
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55353
published_at 2026-06-08T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.55379
published_at 2026-06-05T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55384
published_at 2026-06-06T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55323
published_at 2026-06-04T12:55:00Z
4
value 0.0032
scoring_system epss
scoring_elements 0.55373
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000126
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url http://www.openwall.com/lists/oss-security/2017/06/30/1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://www.openwall.com/lists/oss-security/2017/06/30/1
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1524425
reference_id 1524425
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1524425
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-1000126, PYSEC-2017-115
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1yg-wf6x-a7gq
39
url VCID-v6zn-dj5h-5fg3
vulnerability_id VCID-v6zn-dj5h-5fg3
summary There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20098.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20098.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20098
reference_id
reference_type
scores
0
value 0.01025
scoring_system epss
scoring_elements 0.77655
published_at 2026-06-09T12:55:00Z
1
value 0.01025
scoring_system epss
scoring_elements 0.77649
published_at 2026-06-05T12:55:00Z
2
value 0.01025
scoring_system epss
scoring_elements 0.77657
published_at 2026-06-06T12:55:00Z
3
value 0.01025
scoring_system epss
scoring_elements 0.77647
published_at 2026-06-07T12:55:00Z
4
value 0.01025
scoring_system epss
scoring_elements 0.77636
published_at 2026-06-08T12:55:00Z
5
value 0.01025
scoring_system epss
scoring_elements 0.77621
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20098
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/590
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/590
5
reference_url https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1660425
reference_id 1660425
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1660425
8
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-20098, PYSEC-2018-119
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v6zn-dj5h-5fg3
40
url VCID-w5kz-9ah9-pud7
vulnerability_id VCID-w5kz-9ah9-pud7
summary There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20096.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20096.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20096
reference_id
reference_type
scores
0
value 0.01233
scoring_system epss
scoring_elements 0.79555
published_at 2026-06-09T12:55:00Z
1
value 0.01233
scoring_system epss
scoring_elements 0.79548
published_at 2026-06-05T12:55:00Z
2
value 0.01233
scoring_system epss
scoring_elements 0.79553
published_at 2026-06-06T12:55:00Z
3
value 0.01233
scoring_system epss
scoring_elements 0.79546
published_at 2026-06-07T12:55:00Z
4
value 0.01233
scoring_system epss
scoring_elements 0.79537
published_at 2026-06-08T12:55:00Z
5
value 0.01233
scoring_system epss
scoring_elements 0.79522
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20096
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/590
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/590
5
reference_url https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1660423
reference_id 1660423
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1660423
8
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-20096, PYSEC-2018-117
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5kz-9ah9-pud7
41
url VCID-wm1e-xrkt-5qcb
vulnerability_id VCID-wm1e-xrkt-5qcb
summary In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5772.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5772.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-5772
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62762
published_at 2026-06-07T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62761
published_at 2026-06-09T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62747
published_at 2026-06-08T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62717
published_at 2026-06-04T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62771
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-5772
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/Exiv2/exiv2/issues/216
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/216
4
reference_url https://security.gentoo.org/glsa/201811-14
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://security.gentoo.org/glsa/201811-14
5
reference_url http://www.securityfocus.com/bid/102789
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://www.securityfocus.com/bid/102789
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1536904
reference_id 1536904
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1536904
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-5772, PYSEC-2018-145
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wm1e-xrkt-5qcb
42
url VCID-wtsq-drdf-vugg
vulnerability_id VCID-wtsq-drdf-vugg
summary There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14865.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14865.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14865
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.54326
published_at 2026-06-04T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54382
published_at 2026-06-05T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.54392
published_at 2026-06-06T12:55:00Z
3
value 0.00309
scoring_system epss
scoring_elements 0.54381
published_at 2026-06-07T12:55:00Z
4
value 0.00309
scoring_system epss
scoring_elements 0.54358
published_at 2026-06-08T12:55:00Z
5
value 0.00309
scoring_system epss
scoring_elements 0.5438
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14865
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1494778
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1494778
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500309
reference_id 1500309
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500309
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-14865, PYSEC-2017-138
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtsq-drdf-vugg
43
url VCID-wwen-5xwd-bubs
vulnerability_id VCID-wwen-5xwd-bubs
summary There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11336.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11336.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11336
reference_id
reference_type
scores
0
value 0.01388
scoring_system epss
scoring_elements 0.80672
published_at 2026-06-04T12:55:00Z
1
value 0.01388
scoring_system epss
scoring_elements 0.80699
published_at 2026-06-05T12:55:00Z
2
value 0.01388
scoring_system epss
scoring_elements 0.80701
published_at 2026-06-06T12:55:00Z
3
value 0.01388
scoring_system epss
scoring_elements 0.80697
published_at 2026-06-07T12:55:00Z
4
value 0.01388
scoring_system epss
scoring_elements 0.80694
published_at 2026-06-08T12:55:00Z
5
value 0.01388
scoring_system epss
scoring_elements 0.80713
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11336
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1470729
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1470729
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1474316
reference_id 1474316
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1474316
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-11336, PYSEC-2017-118
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwen-5xwd-bubs
44
url VCID-xykr-6qd7-ukge
vulnerability_id VCID-xykr-6qd7-ukge
summary The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4868.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4868.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-4868
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.60043
published_at 2026-06-09T12:55:00Z
1
value 0.00384
scoring_system epss
scoring_elements 0.60054
published_at 2026-06-06T12:55:00Z
2
value 0.00384
scoring_system epss
scoring_elements 0.60042
published_at 2026-06-07T12:55:00Z
3
value 0.00384
scoring_system epss
scoring_elements 0.60025
published_at 2026-06-08T12:55:00Z
4
value 0.00384
scoring_system epss
scoring_elements 0.60004
published_at 2026-06-04T12:55:00Z
5
value 0.00384
scoring_system epss
scoring_elements 0.60051
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-4868
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/Exiv2/exiv2/issues/202
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/202
4
reference_url http://www.securityfocus.com/bid/102477
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://www.securityfocus.com/bid/102477
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1531724
reference_id 1531724
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1531724
6
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-4868, PYSEC-2018-144
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xykr-6qd7-ukge
45
url VCID-y72v-2749-bkh8
vulnerability_id VCID-y72v-2749-bkh8
summary There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14861.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14861.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-14861
reference_id
reference_type
scores
0
value 0.00367
scoring_system epss
scoring_elements 0.58918
published_at 2026-06-04T12:55:00Z
1
value 0.00367
scoring_system epss
scoring_elements 0.58965
published_at 2026-06-05T12:55:00Z
2
value 0.00367
scoring_system epss
scoring_elements 0.5897
published_at 2026-06-06T12:55:00Z
3
value 0.00367
scoring_system epss
scoring_elements 0.58962
published_at 2026-06-07T12:55:00Z
4
value 0.00367
scoring_system epss
scoring_elements 0.58946
published_at 2026-06-08T12:55:00Z
5
value 0.00367
scoring_system epss
scoring_elements 0.58961
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-14861
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1494787
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://bugzilla.redhat.com/show_bug.cgi?id=1494787
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1500317
reference_id 1500317
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1500317
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-14861, PYSEC-2017-134
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y72v-2749-bkh8
46
url VCID-y8jt-wz8p-cfdr
vulnerability_id VCID-y8jt-wz8p-cfdr
summary There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18915.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18915.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-18915
reference_id
reference_type
scores
0
value 0.00605
scoring_system epss
scoring_elements 0.70059
published_at 2026-06-09T12:55:00Z
1
value 0.00605
scoring_system epss
scoring_elements 0.70014
published_at 2026-06-04T12:55:00Z
2
value 0.00605
scoring_system epss
scoring_elements 0.70046
published_at 2026-06-07T12:55:00Z
3
value 0.00605
scoring_system epss
scoring_elements 0.70035
published_at 2026-06-08T12:55:00Z
4
value 0.00605
scoring_system epss
scoring_elements 0.70055
published_at 2026-06-05T12:55:00Z
5
value 0.00605
scoring_system epss
scoring_elements 0.70064
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-18915
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/Exiv2/exiv2/issues/511
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/511
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1646555
reference_id 1646555
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1646555
6
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-18915, PYSEC-2018-140
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8jt-wz8p-cfdr
47
url VCID-z661-uq5z-qud7
vulnerability_id VCID-z661-uq5z-qud7
summary Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html
1
reference_url https://access.redhat.com/errata/RHSA-2019:2101
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/errata/RHSA-2019:2101
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19607.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19607.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19607
reference_id
reference_type
scores
0
value 0.00638
scoring_system epss
scoring_elements 0.70901
published_at 2026-06-08T12:55:00Z
1
value 0.00638
scoring_system epss
scoring_elements 0.70883
published_at 2026-06-04T12:55:00Z
2
value 0.00638
scoring_system epss
scoring_elements 0.70932
published_at 2026-06-06T12:55:00Z
3
value 0.00638
scoring_system epss
scoring_elements 0.70915
published_at 2026-06-07T12:55:00Z
4
value 0.00638
scoring_system epss
scoring_elements 0.70925
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19607
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/Exiv2/exiv2/issues/561
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://github.com/Exiv2/exiv2/issues/561
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1656195
reference_id 1656195
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1656195
7
reference_url https://access.redhat.com/errata/RHSA-2020:1577
reference_id RHSA-2020:1577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1577
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-19607, PYSEC-2018-143
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z661-uq5z-qud7
48
url VCID-zbyw-f4qy-9ucs
vulnerability_id VCID-zbyw-f4qy-9ucs
summary In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14982.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14982.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14982
reference_id
reference_type
scores
0
value 0.00604
scoring_system epss
scoring_elements 0.69983
published_at 2026-06-04T12:55:00Z
1
value 0.00604
scoring_system epss
scoring_elements 0.70024
published_at 2026-06-05T12:55:00Z
2
value 0.00604
scoring_system epss
scoring_elements 0.70032
published_at 2026-06-06T12:55:00Z
3
value 0.00604
scoring_system epss
scoring_elements 0.70019
published_at 2026-06-07T12:55:00Z
4
value 0.00604
scoring_system epss
scoring_elements 0.70008
published_at 2026-06-08T12:55:00Z
5
value 0.00604
scoring_system epss
scoring_elements 0.70031
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14982
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1757909
reference_id 1757909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1757909
fixed_packages
0
url pkg:deb/debian/exiv2@0?distro=trixie
purl pkg:deb/debian/exiv2@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie
1
url pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-an21-gwsh-27d3
3
vulnerability VCID-gy1q-vkwb-eqcv
4
vulnerability VCID-hexv-f1ap-cqea
5
vulnerability VCID-pn59-u7sf-uqdd
6
vulnerability VCID-rj5c-pc4n-nbdp
7
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
purl pkg:deb/debian/exiv2@0.27.6-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-gy1q-vkwb-eqcv
3
vulnerability VCID-hexv-f1ap-cqea
4
vulnerability VCID-pn59-u7sf-uqdd
5
vulnerability VCID-rj5c-pc4n-nbdp
6
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie
3
url pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7mk5-kjpw-g7gs
1
vulnerability VCID-9f5s-42d2-dkfh
2
vulnerability VCID-hexv-f1ap-cqea
3
vulnerability VCID-rj5c-pc4n-nbdp
4
vulnerability VCID-t3as-qbf3-u3f1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2019-14982
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbyw-f4qy-9ucs
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie