Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/93835?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "exiv2", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.9", "latest_non_vulnerable_version": "0.28.8+dfsg-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35148?format=api", "vulnerability_id": "VCID-1h73-a2by-p3bu", "summary": "Exiv2 0.26 contains a heap buffer overflow in tiff parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000127.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000127.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58198", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58229", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58255", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58244", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00357", "scoring_system": "epss", "scoring_elements": "0.58247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000127" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", 
"scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/06/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2017/06/30/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524426", "reference_id": "1524426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": 
"VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000127", "PYSEC-2017-116" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1h73-a2by-p3bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35126?format=api", "vulnerability_id": "VCID-23h9-admu-dybh", "summary": "There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. 
A Crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14858.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14858.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14858", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51016", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5103", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51083", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51061", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51077", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14858" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494782", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494782" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500307", "reference_id": "1500307", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500307" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": 
"VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14858", "PYSEC-2017-131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23h9-admu-dybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66962?format=api", "vulnerability_id": "VCID-3a29-r3ds-9kgf", "summary": "The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6874", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6878", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68766", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00563", 
"scoring_system": "epss", "scoring_elements": "0.68789", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68781", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594627", "reference_id": "1594627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594627" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10772" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3a29-r3ds-9kgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35074?format=api", "vulnerability_id": "VCID-4f4g-anr8-b3h4", "summary": "There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 
0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11592.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11592.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78064", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78042", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.7803", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78054", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78058", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11592" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473889", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473889" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1475727", "reference_id": "1475727", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475727" }, { "reference_url": "https://security.archlinux.org/AVG-360", "reference_id": "AVG-360", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11592", "PYSEC-2017-125" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f4g-anr8-b3h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35191?format=api", "vulnerability_id": "VCID-6ev6-pu6d-qkbx", "summary": "In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", 
"scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56946", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56973", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56915", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56961", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56966", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8977" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/247", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/247" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561217", "reference_id": "1561217", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561217" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": 
"VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-8977", "PYSEC-2018-147" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ev6-pu6d-qkbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35127?format=api", "vulnerability_id": "VCID-7379-a4b1-47gg", "summary": "There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14866.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14866.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51016", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5103", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51083", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51061", 
"published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51077", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14866" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494781", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500310", "reference_id": "1500310", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500310" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14866", "PYSEC-2017-139" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7379-a4b1-47gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35230?format=api", "vulnerability_id": "VCID-93u1-y2t9-ube3", "summary": "Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.", 
"references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14046.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14046.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14046", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59524", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59499", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59552", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59543", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59549", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14046" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/378", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/378" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601628", "reference_id": "1601628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601628" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": 
"pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14046", "PYSEC-2018-133" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93u1-y2t9-ube3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35067?format=api", "vulnerability_id": "VCID-97m5-gar1-tka7", "summary": "There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. 
A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11339.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11339.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11339", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71591", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71636", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71604", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71642", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00664", "scoring_system": "epss", "scoring_elements": "0.71618", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11339" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470946", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470946" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474329", "reference_id": "1474329", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474329" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": 
"pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11339", "PYSEC-2017-121" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97m5-gar1-tka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35263?format=api", "vulnerability_id": "VCID-ad6d-tcus-8uhx", "summary": "Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68217", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68193", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68232", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00547", "scoring_system": 
"epss", "scoring_elements": "0.6824", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17230" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/455", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/455" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632484", "reference_id": "1632484", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { 
"vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17230", "PYSEC-2018-137" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6d-tcus-8uhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35296?format=api", "vulnerability_id": "VCID-ad6q-hs4w-8bhe", "summary": "There is an infinite loop in 
Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20099.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20099.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75532", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75552", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75556", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75546", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20099" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://github.com/Exiv2/exiv2/issues/590", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/590" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660426", "reference_id": "1660426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20099", "PYSEC-2018-120" ], "risk_score": 3.0, "exploitability": 
"0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6q-hs4w-8bhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7210?format=api", "vulnerability_id": "VCID-bgbt-u9hf-2ycm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17724.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17724.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63899", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63872", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63914", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63921", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63912", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17724" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524107", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" 
} ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524107" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/263", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/263" }, { "reference_url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/xiaoqx/pocs/blob/master/exiv2/readme.md" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545237", "reference_id": "1545237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545237" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": 
"pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17724", "PYSEC-2018-123" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbt-u9hf-2ycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66989?format=api", "vulnerability_id": "VCID-bm2u-9ce9-wyc3", "summary": "In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.69141", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.69181", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.69189", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.69165", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9305" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566735", "reference_id": "1566735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566735" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": 
"VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9305" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bm2u-9ce9-wyc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56688?format=api", "vulnerability_id": "VCID-bmer-9dca-g7ff", "summary": "Exiv2 allows Use After Free\nA heap buffer overflow was found in Exiv2 versions v0.28.0 to v0.28.4. Versions prior to v0.28.0, such as v0.27.7, are **not** affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The heap overflow is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file.\n\nNote that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. 
For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fixiso`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26623.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26623.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26623", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01101", "scoring_system": "epss", "scoring_elements": "0.78405", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01101", "scoring_system": "epss", "scoring_elements": "0.78418", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01101", "scoring_system": "epss", "scoring_elements": "0.78428", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01101", "scoring_system": "epss", "scoring_elements": "0.78419", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26623" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Exiv2/exiv2" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/3168", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:53:08Z/" } ], "url": "https://github.com/Exiv2/exiv2/issues/3168" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3174", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Exiv2/exiv2/pull/3174" }, { "reference_url": "https://github.com/jim-easterbrook/python-exiv2/commit/4cc875e392f9e0bc705fe03d929b9a382b78dae4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/jim-easterbrook/python-exiv2/commit/4cc875e392f9e0bc705fe03d929b9a382b78dae4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098323", "reference_id": "1098323", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098323" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346345", "reference_id": "2346345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346345" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26623", "reference_id": "CVE-2025-26623", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26623" }, { "reference_url": "https://github.com/advisories/GHSA-38h4-fx85-qcx7", "reference_id": "GHSA-38h4-fx85-qcx7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-38h4-fx85-qcx7" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7", "reference_id": "GHSA-38h4-fx85-qcx7", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T14:53:08Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7457", "reference_id": "RHSA-2025:7457", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7457" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { 
"vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93869?format=api", "purl": "pkg:deb/debian/exiv2@0.28.4%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.4%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ 
"CVE-2025-26623", "GHSA-38h4-fx85-qcx7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bmer-9dca-g7ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35071?format=api", "vulnerability_id": "VCID-cka9-nwgq-4qep", "summary": "There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11340.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11340.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80672", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80699", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80694", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80701", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80697", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11340" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470950", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470950"
}, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474334", "reference_id": "1474334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474334" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11340", "PYSEC-2017-122" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cka9-nwgq-4qep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35193?format=api", "vulnerability_id": "VCID-cu7e-4mjv-k7dc", "summary": "In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. 
NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9145.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9145.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.5763", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57591", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57644", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57652", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57643", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9145" }, { "reference_url": "https://bugzilla.novell.com/show_bug.cgi?id=1087879", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=1087879" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564281", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564281" }, { "reference_url": "https://github.com/xiaoqx/pocs/tree/master/exiv2", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/xiaoqx/pocs/tree/master/exiv2" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9145", "PYSEC-2018-148" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cu7e-4mjv-k7dc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35064?format=api", "vulnerability_id": "VCID-e3h8-bw1t-jbhj", "summary": "There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. 
A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9953.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9953.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71393", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71437", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71405", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.71443", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00656", "scoring_system": "epss", "scoring_elements": "0.7142", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9953" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465061", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465061" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469769", "reference_id": "1469769", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1469769" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": 
"pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-9953", "PYSEC-2017-142" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3h8-bw1t-jbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35129?format=api", "vulnerability_id": "VCID-eenj-tdpp-aqam", "summary": "In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14857.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49643", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49706", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49669", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49716", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49699", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14857" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495043", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495043" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500306", "reference_id": "1500306", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14857", "PYSEC-2017-130" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eenj-tdpp-aqam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36602?format=api", "vulnerability_id": "VCID-embr-qynr-jkb3", "summary": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-44398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71118", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71087", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71101", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44398" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:14:54Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5" }, { "reference_url": 
"https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T21:14:54Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248428", "reference_id": "2248428", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, 
{ "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-44398", "GHSA-hrw9-ggg3-3r4r", "PYSEC-2023-233" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-embr-qynr-jkb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35264?format=api", "vulnerability_id": "VCID-fmhz-da2z-hyau", "summary": "An issue was discovered in Exiv2 v0.26. 
The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67482", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67462", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.6751", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67498", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00527", "scoring_system": "epss", "scoring_elements": "0.67503", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17282" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/457", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/457" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632490", "reference_id": "1632490", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17282", "PYSEC-2018-138" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmhz-da2z-hyau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35146?format=api", "vulnerability_id": "VCID-fra4-1eda-tfew", "summary": "Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000128.json", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53545", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53575", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53612", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53599", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00299", "scoring_system": "epss", "scoring_elements": "0.53603", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/06/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2017/06/30/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524427", "reference_id": "1524427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524427" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000128", "PYSEC-2017-117" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fra4-1eda-tfew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35087?format=api", "vulnerability_id": "VCID-fycx-5cnk-4ba1", "summary": "There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12955.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12955.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78588", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78615", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78602", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78623", "published_at": "2026-06-06T12:55:00Z" }, { 
"value": "0.01121", "scoring_system": "epss", "scoring_elements": "0.78614", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12955" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482295", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482295" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487207", "reference_id": "1487207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487207" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { 
"vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12955", "PYSEC-2017-127" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fycx-5cnk-4ba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67028?format=api", "vulnerability_id": "VCID-hbf6-amz5-cycv", "summary": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. 
The bug is fixed in version v0.28.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34482", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34543", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34559", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34524", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296343", "reference_id": "2296343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296343" }, { "reference_url": "https://github.com/Exiv2/exiv2/pull/3006", "reference_id": "3006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/" } ], "url": "https://github.com/Exiv2/exiv2/pull/3006" }, { "reference_url": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387", "reference_id": "3a28346db5ae1735a8728fe3491b0aecc1dbf387", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/" } ], "url": "https://github.com/Exiv2/exiv2/commit/3a28346db5ae1735a8728fe3491b0aecc1dbf387" }, { "reference_url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh", "reference_id": "GHSA-38rv-8x93-pvrh", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-08T20:00:33Z/" } ], "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh" }, { "reference_url": "https://security.gentoo.org/glsa/202603-01", "reference_id": "GLSA-202603-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202603-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": 
"VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-39695" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbf6-amz5-cycv" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/35086?format=api", "vulnerability_id": "VCID-hwjj-wq2h-6uez", "summary": "There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12956.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.7803", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78058", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78042", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78064", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78054", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482296", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482296" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487208", "reference_id": "1487208", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487208" } ], "fixed_packages": [ { 
"url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12956", "PYSEC-2017-128" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwjj-wq2h-6uez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35066?format=api", "vulnerability_id": "VCID-j896-jqs5-hfau", "summary": "There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11337.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11337.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80672", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80699", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80694", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80701", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80697", 
"published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11337" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470737", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470737" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474319", "reference_id": "1474319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474319" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": 
"VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11337", "PYSEC-2017-119" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j896-jqs5-hfau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35072?format=api", "vulnerability_id": "VCID-jd2z-aqhw-9ud6", "summary": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. 
A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11338.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11338.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11338", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78064", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.7803", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78042", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78054", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78058", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11338" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470913", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470913" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474325", "reference_id": "1474325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474325" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11338", "PYSEC-2017-120" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jd2z-aqhw-9ud6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66988?format=api", "vulnerability_id": "VCID-jmv4-wvpq-cbfk", "summary": "In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9304.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.64157", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.64201", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.64186", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00455", 
"scoring_system": "epss", "scoring_elements": "0.64209", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.64199", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9304" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566731", "reference_id": "1566731", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9304" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmv4-wvpq-cbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66987?format=api", "vulnerability_id": "VCID-kjcd-gdds-83ed", "summary": "In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-9303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6306", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63104", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63089", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63112", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63102", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-9303" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566725", "reference_id": "1566725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-9303" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjcd-gdds-83ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7212?format=api", "vulnerability_id": "VCID-nfsr-y727-xfdr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17722.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17722.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53647", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53715", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53702", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53678", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53706", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17722" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1524116", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524116" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545246", "reference_id": "1545246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545246" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17722", "PYSEC-2018-121" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfsr-y727-xfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66997?format=api", "vulnerability_id": "VCID-njc6-a4sc-73d7", "summary": "A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to 
cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13111.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51004", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50959", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51009", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50989", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728488", "reference_id": "1728488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728488" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": 
"VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13111" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njc6-a4sc-73d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35073?format=api", "vulnerability_id": "VCID-nxmk-4qat-ryaz", "summary": "There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11553.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11553.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78064", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78042", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.7803", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78054", "published_at": "2026-06-07T12:55:00Z" }, { "value": 
"0.01065", "scoring_system": "epss", "scoring_elements": "0.78058", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471772", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475368", "reference_id": "1475368", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475368" }, { "reference_url": "https://security.archlinux.org/AVG-360", "reference_id": "AVG-360", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": 
"VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11553", "PYSEC-2017-123" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxmk-4qat-ryaz" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/35128?format=api", "vulnerability_id": "VCID-qfz8-jkrd-cyag", "summary": "There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14860.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14860.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5343", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.5349", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53457", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53499", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53482", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14860" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494776", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494776" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500316", "reference_id": "1500316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500316" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14860", "PYSEC-2017-133" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfz8-jkrd-cyag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7211?format=api", "vulnerability_id": "VCID-qhsp-b3au-qyfm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17723.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17723.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17723", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.70185", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.70214", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.70163", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.70197", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0061", "scoring_system": "epss", "scoring_elements": "0.70205", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17723" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1524104", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524104" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545249", "reference_id": "1545249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545249" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": 
"VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17723", "PYSEC-2018-122" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhsp-b3au-qyfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35088?format=api", "vulnerability_id": "VCID-qkk8-uyc3-dkdv", "summary": "There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12957.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78064", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.7803", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78042", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78054", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78058", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": 
"", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487210", "reference_id": "1487210", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487210" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12957", "PYSEC-2017-129" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkk8-uyc3-dkdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35383?format=api", "vulnerability_id": "VCID-rwpd-cchu-bbh4", "summary": "Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage::readMetadata() in rafimage.cpp.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14368.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14368.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48919", 
"published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48941", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.4899", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48972", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48981", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14368" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/952", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/952" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747229", "reference_id": "1747229", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": 
"VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14368", "PYSEC-2019-244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwpd-cchu-bbh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7209?format=api", "vulnerability_id": "VCID-tae2-z12a-8kbq", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68766", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68789", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6874", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.68781", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00563", "scoring_system": "epss", "scoring_elements": "0.6878", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17725" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525055", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525055" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/188", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/188" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545232", "reference_id": "1545232", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1545232" }, { "reference_url": "https://security.archlinux.org/AVG-614", "reference_id": "AVG-614", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-17725", "PYSEC-2018-124" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tae2-z12a-8kbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35123?format=api", "vulnerability_id": "VCID-tc49-j8nx-4bas", "summary": "A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. 
The vulnerability causes a segmentation fault and application crash, which leads to denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14863.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14863.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51467", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51528", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51478", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51534", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00278", "scoring_system": "epss", "scoring_elements": "0.51512", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14863" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494443", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494443" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500319", "reference_id": "1500319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500319" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": 
"pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14863", "PYSEC-2017-136" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tc49-j8nx-4bas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35206?format=api", "vulnerability_id": "VCID-tv8d-va4r-1uc3", "summary": "Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47051", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47098", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47081", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.4703", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47095", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10780" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575201", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575201" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577319", "reference_id": "1577319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577319" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, 
{ "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-10780", "PYSEC-2018-125" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tv8d-va4r-1uc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35262?format=api", "vulnerability_id": "VCID-us67-ewt7-bfh5", "summary": "Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17229.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17229.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68217", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68193", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68232", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.6824", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17229" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/453", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/453" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632481", "reference_id": "1632481", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": 
"VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-17229", "PYSEC-2018-136" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-us67-ewt7-bfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35147?format=api", "vulnerability_id": "VCID-v1yg-wf6x-a7gq", "summary": "exiv2 0.26 contains a Stack out of bounds read in webp parser", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000126.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55353", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55379", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55384", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55323", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55373", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000126" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/06/30/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2017/06/30/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524425", "reference_id": "1524425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524425" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" 
}, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000126", "PYSEC-2017-115" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1yg-wf6x-a7gq" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/35293?format=api", "vulnerability_id": "VCID-v6zn-dj5h-5fg3", "summary": "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20098.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01025", "scoring_system": "epss", "scoring_elements": "0.77636", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01025", "scoring_system": "epss", "scoring_elements": "0.77621", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01025", "scoring_system": "epss", "scoring_elements": "0.77649", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01025", "scoring_system": "epss", "scoring_elements": "0.77657", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01025", "scoring_system": "epss", "scoring_elements": "0.77647", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/590", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/590" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660425", "reference_id": "1660425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660425" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20098", "PYSEC-2018-119" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6zn-dj5h-5fg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35294?format=api", "vulnerability_id": "VCID-w5kz-9ah9-pud7", "summary": "There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20096.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20096.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01233", "scoring_system": "epss", "scoring_elements": "0.79537", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01233", "scoring_system": "epss", "scoring_elements": "0.79522", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01233", "scoring_system": "epss", "scoring_elements": "0.79548", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01233", "scoring_system": "epss", "scoring_elements": "0.79553", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01233", "scoring_system": "epss", 
"scoring_elements": "0.79546", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20096" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/590", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/590" }, { "reference_url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXCEKTYF7HLM6VH2WCWO2HXTJH37MBLA/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660423", "reference_id": "1660423", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1660423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20096", "PYSEC-2018-117" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w5kz-9ah9-pud7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35167?format=api", "vulnerability_id": "VCID-wm1e-xrkt-5qcb", "summary": "In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5772.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62747", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62717", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62762", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00427", "scoring_system": "epss", "scoring_elements": "0.62771", "published_at": 
"2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5772" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/216", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/216" }, { "reference_url": "https://security.gentoo.org/glsa/201811-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://security.gentoo.org/glsa/201811-14" }, { "reference_url": "http://www.securityfocus.com/bid/102789", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.securityfocus.com/bid/102789" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536904", "reference_id": "1536904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536904" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-5772", 
"PYSEC-2018-145" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wm1e-xrkt-5qcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35122?format=api", "vulnerability_id": "VCID-wtsq-drdf-vugg", "summary": "There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54326", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54382", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54358", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54392", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54381", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494778", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494778" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1500309", "reference_id": "1500309", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500309" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" 
}, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14865", "PYSEC-2017-138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wtsq-drdf-vugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35070?format=api", "vulnerability_id": "VCID-wwen-5xwd-bubs", "summary": "There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. 
A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11336.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11336.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80672", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80699", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80694", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80701", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80697", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11336" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470729", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470729" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474316", "reference_id": "1474316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474316" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": 
"pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-11336", "PYSEC-2017-118" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwen-5xwd-bubs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35160?format=api", "vulnerability_id": "VCID-xykr-6qd7-ukge", "summary": "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4868.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4868.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60054", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60025", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60004", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60042", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00384", "scoring_system": "epss", "scoring_elements": "0.60051", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-4868" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/202", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/202" }, { "reference_url": "http://www.securityfocus.com/bid/102477", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://www.securityfocus.com/bid/102477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531724", "reference_id": "1531724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { 
"vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-4868", "PYSEC-2018-144" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xykr-6qd7-ukge" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/35124?format=api", "vulnerability_id": "VCID-y72v-2749-bkh8", "summary": "There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14861.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14861.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58965", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58946", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.5897", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58962", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494787", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494787" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500317", "reference_id": "1500317", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500317" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-14861", "PYSEC-2017-134" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y72v-2749-bkh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35281?format=api", "vulnerability_id": "VCID-y8jt-wz8p-cfdr", "summary": "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70035", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70014", "published_at": "2026-06-04T12:55:00Z" 
}, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70064", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70046", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.70055", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18915" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/511", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/511" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646555", "reference_id": "1646555", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646555" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-18915", "PYSEC-2018-140" ], "risk_score": 3.0, "exploitability": 
"0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y8jt-wz8p-cfdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35289?format=api", "vulnerability_id": "VCID-z661-uq5z-qud7", "summary": "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00009.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2101", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2101" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19607.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19607.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70901", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70883", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70932", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00638", 
"scoring_system": "epss", "scoring_elements": "0.70915", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00638", "scoring_system": "epss", "scoring_elements": "0.70925", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19607" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Exiv2/exiv2/issues/561", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://github.com/Exiv2/exiv2/issues/561" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656195", "reference_id": "1656195", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1656195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1577", "reference_id": "RHSA-2020:1577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1577" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" 
}, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19607", "PYSEC-2018-143" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z661-uq5z-qud7" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/67007?format=api", "vulnerability_id": "VCID-zbyw-f4qy-9ucs", "summary": "In Exiv2 before v0.27.2, there is an integer overflow vulnerability in the WebPImage::getHeaderOffset function in webpimage.cpp. It can lead to a buffer overflow vulnerability and a crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14982.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14982.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00604", "scoring_system": "epss", "scoring_elements": "0.69983", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00604", "scoring_system": "epss", "scoring_elements": "0.70024", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00604", "scoring_system": "epss", "scoring_elements": "0.70008", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00604", "scoring_system": "epss", "scoring_elements": "0.70032", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00604", "scoring_system": "epss", "scoring_elements": "0.70019", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14982" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757909", "reference_id": "1757909", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1757909" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93835?format=api", "purl": "pkg:deb/debian/exiv2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93829?format=api", "purl": "pkg:deb/debian/exiv2@0.27.3-3%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-an21-gwsh-27d3" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.3-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93827?format=api", "purl": "pkg:deb/debian/exiv2@0.27.6-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-gy1q-vkwb-eqcv" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": "VCID-pn59-u7sf-uqdd" }, { "vulnerability": "VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.27.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93831?format=api", "purl": "pkg:deb/debian/exiv2@0.28.5%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7mk5-kjpw-g7gs" }, { "vulnerability": "VCID-9f5s-42d2-dkfh" }, { "vulnerability": "VCID-hexv-f1ap-cqea" }, { "vulnerability": 
"VCID-rj5c-pc4n-nbdp" }, { "vulnerability": "VCID-t3as-qbf3-u3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/93830?format=api", "purl": "pkg:deb/debian/exiv2@0.28.8%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0.28.8%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbyw-f4qy-9ucs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exiv2@0%3Fdistro=trixie" }