{"url":"http://public2.vulnerablecode.io/api/packages/95896?format=json","purl":"pkg:rpm/redhat/libtiff@4.4.0-10?arch=el9","type":"rpm","namespace":"redhat","name":"libtiff","version":"4.4.0-10","qualifiers":{"arch":"el9"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18009?format=json","vulnerability_id":"VCID-2ds7-xq64-9ue2","summary":"NULL Pointer Dereference\nA NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3316","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05658","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05697","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0569","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05757","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05735","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elemen
ts":"0.05721","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06208","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06223","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06254","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06263","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06282","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06396","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06471","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-0
9T21:09:26Z/"}],"url":"https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216080","reference_id":"2216080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216080"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/468","reference_id":"468","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/468"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/515","reference_id":"515","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3316","reference_id":"CVE-2023-3316","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3316"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6229-1/","re
ference_id":"USN-6229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6229-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[],"aliases":["CVE-2023-3316"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ds7-xq64-9ue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18129?format=json","vulnerability_id":"VCID-6dt6-ppka-b3ct","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26966","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07283","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07241","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0722","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07274","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07301","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07297","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_e
lements":"0.07273","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07203","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07198","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07323","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07282","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08031","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08366","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08398","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08318","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0846","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08542","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/530","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/"}],"url":"ht
tps://gitlab.com/libtiff/libtiff/-/issues/530"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/473","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/473"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218749","reference_id":"2218749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218749"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26966","reference_id":"CVE-2023-26966","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26966"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6229-1/","reference_id":"USN-6229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6229-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[],"aliases":["CVE-2023-26966"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dt6-ppka-b3ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17660?format=json","vulnerability_id":"VCID-7kmu-5yen-hfd1","summary":"NULL Pointer Dereference\nA NULL pointer dereference flaw was found in Libtiff's LZWDecode() 
function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2731.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2731.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2731","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01212","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01143","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01165","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01144","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01146","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01136","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01217","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01221","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01228","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01215","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01148","pu
blished_at":"2026-04-18T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01158","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01164","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2731"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2207635","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T18:21:11Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2207635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T18:21:11Z/"}],"url":"https://github.com/libsdl-org/libtiff/commit/9be22b639ea69e102d3847dca4c53ef025e9527b"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/548","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T18:21:11Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/548"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.c
gi?bug=1036282","reference_id":"1036282","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036282"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-2731","reference_id":"CVE-2023-2731","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T18:21:11Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-2731"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2731","reference_id":"CVE-2023-2731","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2731"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230703-0009/","reference_id":"ntap-20230703-0009","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T18:21:11Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230703-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[],"aliases":["CVE-2023-2731"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kmu-5yen-hfd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17889?format=json","vulnerability_id":"VCID-ndwc-beev-43ck","summary":"Out-of-bounds Write\nloadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF 
image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26965","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00733","published_at":"2026-04-02T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00735","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0073","published_at":"2026-04-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00736","published_at":"2026-04-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00726","published_at":"2026-04-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.008","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00846","published_at":"2026-05-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00844","published_at":"2026-04-29T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00845","published_at":"2026-04-26T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0084","published_at":"2026-05-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00795","published_at":"2026-04-16T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00836","published_at":"2026-05-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00801","published_at":"2026-04-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00796","published_at":"2026-04-13T12:55:00Z"}],"
url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/472","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/472"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215206","reference_id":"2215206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215206"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26965","reference_id":"CVE-2023-26965","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26965"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0009/","reference_id":"ntap-20230706-0009","reference_type":"","scores":[{"value":"5.5","s
coring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230706-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6229-1/","reference_id":"USN-6229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6229-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[],"aliases":["CVE-2023-26965"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndwc-beev-43ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19264?format=json","vulnerability_id":"VCID-pkdx-ktz1-mbbg","summary":"Missing Release of Memory after Effective Lifetime\nA memory leak flaw was found in Libtiff's tiffcrop utility. 
This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3576","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05679","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05721","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05754","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05781","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0575","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.057","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06601","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06185","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.
06335","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06381","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06393","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06411","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06533","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3576"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219340","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3576","reference_id":"CVE-2023-3576","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2023-3576"},{"reference_url":"https://
nvd.nist.gov/vuln/detail/CVE-2023-3576","reference_id":"CVE-2023-3576","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6512-1/","reference_id":"USN-6512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6512-1/"}],"fixed_packages":[],"aliases":["CVE-2023-3576"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkdx-ktz1-mbbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50129?format=json","vulnerability_id":"VCID-x7w1-k9zt-qkab","summary":"Multiple vulnerabilities have been found in LibTIFF, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17095.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17095.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17095","reference_id":"","reference_type":"","scores":[{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88354","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88482","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88436","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.8844","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88452","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03989","sc
oring_system":"epss","scoring_elements":"0.88469","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88362","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88376","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88381","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88406","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88417","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88409","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88424","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.8842","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03989","scoring_system":"epss","scoring_elements":"0.88419","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10963"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209","reference_id":"","reference_type":"","scores":[],"ur
l":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17101"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html"},{"reference_url":"https://www.debian.org/security/2018/dsa-4349","reference_id":"","reference_type"
:"","scores":[],"url":"https://www.debian.org/security/2018/dsa-4349"},{"reference_url":"https://www.exploit-db.com/exploits/43322/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/43322/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2017/11/30/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2017/11/30/3"},{"reference_url":"http://www.securityfocus.com/bid/102124","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102124"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524284","reference_id":"1524284","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524284"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883320","reference_id":"883320","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883320"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libtiff:libtiff:4.0.9:*:*:*:*:*:*:*"},{"reference_url":"http://bugzilla.maptools.org/show_bug.cgi?id=2750","reference_id":"CVE-2017-17095","reference_type":"exploit","scores":[],"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2750"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/43322.txt","reference_id":"CVE-2017-17095","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/43322.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17095","reference_id":"CVE-2017-17095","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scor
ing_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17095"},{"reference_url":"https://security.gentoo.org/glsa/202003-25","reference_id":"GLSA-202003-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4658","reference_id":"RHSA-2025:4658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:4658"},{"reference_url":"https://usn.ubuntu.com/3606-1/","reference_id":"USN-3606-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3606-1/"}],"fixed_packages":[],"aliases":["CVE-2017-17095"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x7w1-k9zt-qkab"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libtiff@4.4.0-10%3Farch=el9"}