{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","type":"deb","namespace":"debian","name":"gdk-pixbuf","version":"2.44.6+dfsg-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69842?format=json","vulnerability_id":"VCID-3g3h-e1td-mkad","summary":"io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2975.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2975","reference_id":"","reference_type":"","scores":[{"value":"0.1189","scoring_system":"epss","scoring_elements":"0.93874","published_at":"2026-06-04T12:55:00Z"},{"value":"0.1189","scoring_system":"epss","scoring_elements":"0.93884","published_at":"2026-06-07T12:55:00Z"},{"value":"0.1189","scoring_system":"epss","scoring_elements":"0.93883","published_at":"2026-06-06T12:55:00Z"},{"value":"0.1189","scoring_system":"epss","scoring_elements":"0.93882","published_at":"2026-06-08T12:55:00Z"},{"value":"0.1189","scoring_system":"epss","scoring_elements":"0.93887","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2975"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617771","reference_id":"1617771","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617771"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431","reference_id":"339431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431"},{"reference_url":"https://security.gentoo.org/glsa/200511-14","reference_id":"GLSA-200511-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200511-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:810","reference_id":"RHSA-2005:810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:811","reference_id":"RHSA-2005:811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:811"},{"reference_url":"https://usn.ubuntu.com/216-1/","reference_id":"USN-216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/216-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96079?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0.22.0-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0.22.0-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-2975"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3g3h-e1td-mkad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69856?format=json","vulnerability_id":"VCID-3yaa-xt8h-cycb","summary":"io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7673.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7673.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7673","reference_id":"","reference_type":"","scores":[{"value":"0.02374","scoring_system":"epss","scoring_elements":"0.85255","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02374","scoring_system":"epss","scoring_elements":"0.85279","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02374","scoring_system":"epss","scoring_elements":"0.85285","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02374","scoring_system":"epss","scoring_elements":"0.85267","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02374","scoring_system":"epss","scoring_elements":"0.8528","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1261836","reference_id":"1261836","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1261836"},{"reference_url":"https://security.gentoo.org/glsa/201512-05","reference_id":"GLSA-201512-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-05"},{"reference_url":"https://usn.ubuntu.com/2767-1/","reference_id":"USN-2767-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2767-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96084?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.32.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.32.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-7673"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3yaa-xt8h-cycb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69840?format=json","vulnerability_id":"VCID-418g-5k4q-zqah","summary":"Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0788.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0788.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0788","reference_id":"","reference_type":"","scores":[{"value":"0.13522","scoring_system":"epss","scoring_elements":"0.94351","published_at":"2026-06-04T12:55:00Z"},{"value":"0.13522","scoring_system":"epss","scoring_elements":"0.9436","published_at":"2026-06-05T12:55:00Z"},{"value":"0.13522","scoring_system":"epss","scoring_elements":"0.94361","published_at":"2026-06-06T12:55:00Z"},{"value":"0.13522","scoring_system":"epss","scoring_elements":"0.94362","published_at":"2026-06-08T12:55:00Z"},{"value":"0.13522","scoring_system":"epss","scoring_elements":"0.94367","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0788"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617290","reference_id":"1617290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:447","reference_id":"RHSA-2004:447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:466","reference_id":"RHSA-2004:466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:466"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96077?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0.22.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0.22.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-0788"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-418g-5k4q-zqah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69861?format=json","vulnerability_id":"VCID-5ryc-3je9-z7du","summary":"Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000422.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000422","reference_id":"","reference_type":"","scores":[{"value":"0.00961","scoring_system":"epss","scoring_elements":"0.7684","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00961","scoring_system":"epss","scoring_elements":"0.76872","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00961","scoring_system":"epss","scoring_elements":"0.76858","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00961","scoring_system":"epss","scoring_elements":"0.7688","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00961","scoring_system":"epss","scoring_elements":"0.76869","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000422"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531397","reference_id":"1531397","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531397"},{"reference_url":"https://security.gentoo.org/glsa/201804-14","reference_id":"GLSA-201804-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-14"},{"reference_url":"https://usn.ubuntu.com/3532-1/","reference_id":"USN-3532-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3532-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96089?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.36.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.36.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-1000422"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ryc-3je9-z7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69866?format=json","vulnerability_id":"VCID-6mf3-hp89-abhy","summary":"Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6312.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6312.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6312","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5573","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55786","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55792","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.5578","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55762","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55782","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6312"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6312","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6312"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427221","reference_id":"1427221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856444","reference_id":"856444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856444"},{"reference_url":"https://security.gentoo.org/glsa/201709-08","reference_id":"GLSA-201709-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-08"},{"reference_url":"https://usn.ubuntu.com/3532-1/","reference_id":"USN-3532-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3532-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96091?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.36.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.36.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-6312"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mf3-hp89-abhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69862?format=json","vulnerability_id":"VCID-7er4-mjnq-mffh","summary":"GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12447.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12447","reference_id":"","reference_type":"","scores":[{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52629","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52688","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52694","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52676","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52649","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00289","scoring_system":"epss","scoring_elements":"0.52673","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12447"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1686828","reference_id":"1686828","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1686828"},{"reference_url":"https://usn.ubuntu.com/3912-1/","reference_id":"USN-3912-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3912-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96087?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.34.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.34.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-12447"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7er4-mjnq-mffh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69834?format=json","vulnerability_id":"VCID-95a1-a562-x3ds","summary":"gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0111.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0111.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0111","reference_id":"","reference_type":"","scores":[{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80414","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80439","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80441","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80433","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01347","scoring_system":"epss","scoring_elements":"0.80454","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617155","reference_id":"1617155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:102","reference_id":"RHSA-2004:102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:103","reference_id":"RHSA-2004:103","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96073?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0.22.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0.22.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-0111"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95a1-a562-x3ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4801?format=json","vulnerability_id":"VCID-an9r-h7w3-s3c5","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6352.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6352","reference_id":"","reference_type":"","scores":[{"value":"0.01773","scoring_system":"epss","scoring_elements":"0.83034","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01773","scoring_system":"epss","scoring_elements":"0.83022","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01773","scoring_system":"epss","scoring_elements":"0.83007","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01773","scoring_system":"epss","scoring_elements":"0.8303","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6352"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349751","reference_id":"1349751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1349751"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832496","reference_id":"832496","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832496"},{"reference_url":"https://security.archlinux.org/ASA-201610-9","reference_id":"ASA-201610-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201610-9"},{"reference_url":"https://security.archlinux.org/ASA-201611-12","reference_id":"ASA-201611-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-12"},{"reference_url":"https://security.archlinux.org/AVG-1","reference_id":"AVG-1","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1"},{"reference_url":"https://security.archlinux.org/AVG-2","reference_id":"AVG-2","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2"},{"reference_url":"https://usn.ubuntu.com/3085-1/","reference_id":"USN-3085-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3085-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96088?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.35.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.35.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2016-6352"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-an9r-h7w3-s3c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69864?format=json","vulnerability_id":"VCID-bhjt-vb23-47ee","summary":"An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2870.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2870","reference_id":"","reference_type":"","scores":[{"value":"0.02329","scoring_system":"epss","scoring_elements":"0.85119","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02329","scoring_system":"epss","scoring_elements":"0.85146","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02329","scoring_system":"epss","scoring_elements":"0.85143","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02329","scoring_system":"epss","scoring_elements":"0.85132","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02329","scoring_system":"epss","scoring_elements":"0.85144","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02329","scoring_system":"epss","scoring_elements":"0.85148","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2870"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1486735","reference_id":"1486735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1486735"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873787","reference_id":"873787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873787"},{"reference_url":"https://usn.ubuntu.com/3418-1/","reference_id":"USN-3418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96090?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.36.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.36.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-2870"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhjt-vb23-47ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42042?format=json","vulnerability_id":"VCID-bjj3-3ccw-63fa","summary":"Out-of-bounds Write\nGNOME gdk-pixbuf is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals `12`","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44648.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44648","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55049","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55108","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55088","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55115","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.55106","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44648"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46829"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136"},{"reference_url":"https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/","reference_id":"","reference_type":"","scores":[],"url":"https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014600","reference_id":"1014600","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014600"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043722","reference_id":"2043722","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043722"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44648","reference_id":"CVE-2021-44648","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44648"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2216","reference_id":"RHSA-2023:2216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2216"},{"reference_url":"https://usn.ubuntu.com/5607-1/","reference_id":"USN-5607-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5607-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96095?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96094?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.9%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.9%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-44648"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjj3-3ccw-63fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69863?format=json","vulnerability_id":"VCID-bspu-grjr-f7h4","summary":"An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2862.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2862","reference_id":"","reference_type":"","scores":[{"value":"0.04562","scoring_system":"epss","scoring_elements":"0.89421","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04562","scoring_system":"epss","scoring_elements":"0.89386","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04562","scoring_system":"epss","scoring_elements":"0.89404","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04562","scoring_system":"epss","scoring_elements":"0.89402","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488817","reference_id":"1488817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552","reference_id":"874552","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3418-1/","reference_id":"USN-3418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96090?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.36.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.36.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-2862"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bspu-grjr-f7h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69845?format=json","vulnerability_id":"VCID-c9eh-crb1-e3fa","summary":"The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2485.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2485","reference_id":"","reference_type":"","scores":[{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71915","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71954","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71962","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71939","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71925","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00677","scoring_system":"epss","scoring_elements":"0.71949","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2485"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2485"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631524","reference_id":"631524","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631524"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=715337","reference_id":"715337","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=715337"},{"reference_url":"https://security.gentoo.org/glsa/201206-11","reference_id":"GLSA-201206-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-11"},{"reference_url":"https://security.gentoo.org/glsa/201206-20","reference_id":"GLSA-201206-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96080?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.23.3-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.23.3-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-2485"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9eh-crb1-e3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69865?format=json","vulnerability_id":"VCID-crqv-hqx5-ekf4","summary":"gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6311.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6311.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6311","reference_id":"","reference_type":"","scores":[{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83635","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.8366","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83663","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83657","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83649","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6311"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427222","reference_id":"1427222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427222"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858491","reference_id":"858491","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858491"},{"reference_url":"https://security.gentoo.org/glsa/201709-08","reference_id":"GLSA-201709-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-08"},{"reference_url":"https://usn.ubuntu.com/3418-1/","reference_id":"USN-3418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96090?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.36.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.36.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-6311"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crqv-hqx5-ekf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69836?format=json","vulnerability_id":"VCID-dtth-d2ay-auff","summary":"The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0753.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0753","reference_id":"","reference_type":"","scores":[{"value":"0.12598","scoring_system":"epss","scoring_elements":"0.94084","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12598","scoring_system":"epss","scoring_elements":"0.94093","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12598","scoring_system":"epss","scoring_elements":"0.94092","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12598","scoring_system":"epss","scoring_elements":"0.94094","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12598","scoring_system":"epss","scoring_elements":"0.94098","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0753"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617266","reference_id":"1617266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617266"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:447","reference_id":"RHSA-2004:447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:466","reference_id":"RHSA-2004:466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:466"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96077?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0.22.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0.22.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-0753"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtth-d2ay-auff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69876?format=json","vulnerability_id":"VCID-dyah-2kea-3qf2","summary":"A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6199.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6199","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27447","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27585","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27535","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27497","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-6199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6199"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107994","reference_id":"1107994","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107994"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373147","reference_id":"2373147","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T14:43:00Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373147"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-6199","reference_id":"CVE-2025-6199","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-17T14:43:00Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-6199"},{"reference_url":"https://usn.ubuntu.com/7662-1/","reference_id":"USN-7662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7662-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96102?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96101?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96103?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-6199"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyah-2kea-3qf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69853?format=json","vulnerability_id":"VCID-f11x-b7h5-47ep","summary":"Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted BMP file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7552.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7552.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7552","reference_id":"","reference_type":"","scores":[{"value":"0.01699","scoring_system":"epss","scoring_elements":"0.82627","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01699","scoring_system":"epss","scoring_elements":"0.82654","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01699","scoring_system":"epss","scoring_elements":"0.82653","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01699","scoring_system":"epss","scoring_elements":"0.82651","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01699","scoring_system":"epss","scoring_elements":"0.82644","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01699","scoring_system":"epss","scoring_elements":"0.82657","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8875"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1378894","reference_id":"1378894","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1378894"},{"reference_url":"https://usn.ubuntu.com/3085-1/","reference_id":"USN-3085-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3085-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96084?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.32.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.32.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-7552"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f11x-b7h5-47ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69849?format=json","vulnerability_id":"VCID-f7ht-kzkm-hyfp","summary":"Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2370.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2370","reference_id":"","reference_type":"","scores":[{"value":"0.02266","scoring_system":"epss","scoring_elements":"0.84937","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02266","scoring_system":"epss","scoring_elements":"0.84961","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02266","scoring_system":"epss","scoring_elements":"0.84966","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02266","scoring_system":"epss","scoring_elements":"0.8496","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03097","scoring_system":"epss","scoring_elements":"0.87049","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03097","scoring_system":"epss","scoring_elements":"0.8706","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=822468","reference_id":"822468","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=822468"},{"reference_url":"https://security.gentoo.org/glsa/201206-20","reference_id":"GLSA-201206-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0135","reference_id":"RHSA-2013:0135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0135"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96082?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.26.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.26.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2012-2370"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7ht-kzkm-hyfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69878?format=json","vulnerability_id":"VCID-g8ug-mc3x-xqbh","summary":"A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7345.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7345.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7345","reference_id":"","reference_type":"","scores":[{"value":"0.00938","scoring_system":"epss","scoring_elements":"0.76616","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00938","scoring_system":"epss","scoring_elements":"0.76606","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00938","scoring_system":"epss","scoring_elements":"0.76611","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00938","scoring_system":"epss","scoring_elements":"0.76595","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7345"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109262","reference_id":"1109262","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2377063","reference_id":"2377063","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2377063"},{"reference_url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249","reference_id":"249","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7345","reference_id":"CVE-2025-7345","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-7345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12841","reference_id":"RHSA-2025:12841","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12862","reference_id":"RHSA-2025:12862","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13315","reference_id":"RHSA-2025:13315","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:13315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14574","reference_id":"RHSA-2025:14574","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14575","reference_id":"RHSA-2025:14575","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14576","reference_id":"RHSA-2025:14576","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14585","reference_id":"RHSA-2025:14585","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14618","reference_id":"RHSA-2025:14618","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14646","reference_id":"RHSA-2025:14646","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14647","reference_id":"RHSA-2025:14647","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:14683","reference_id":"RHSA-2025:14683","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-08T13:53:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:14683"},{"reference_url":"https://usn.ubuntu.com/7662-1/","reference_id":"USN-7662-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7662-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96105?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96104?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96106?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2025-7345"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ug-mc3x-xqbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69839?format=json","vulnerability_id":"VCID-hs4e-6xvn-sbb6","summary":"Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow.  NOTE: this identifier is ONLY for gtk+.  It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0782.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0782.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0782","reference_id":"","reference_type":"","scores":[{"value":"0.31086","scoring_system":"epss","scoring_elements":"0.9684","published_at":"2026-06-04T12:55:00Z"},{"value":"0.31086","scoring_system":"epss","scoring_elements":"0.96845","published_at":"2026-06-05T12:55:00Z"},{"value":"0.31086","scoring_system":"epss","scoring_elements":"0.96849","published_at":"2026-06-08T12:55:00Z"},{"value":"0.31086","scoring_system":"epss","scoring_elements":"0.9685","published_at":"2026-06-07T12:55:00Z"},{"value":"0.31086","scoring_system":"epss","scoring_elements":"0.96854","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0782"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617283","reference_id":"1617283","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:447","reference_id":"RHSA-2004:447","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:447"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:466","reference_id":"RHSA-2004:466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:466"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96077?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0.22.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0.22.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2004-0782"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs4e-6xvn-sbb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69841?format=json","vulnerability_id":"VCID-jx5x-gyv8-wkhm","summary":"Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0891.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0891","reference_id":"","reference_type":"","scores":[{"value":"0.02026","scoring_system":"epss","scoring_elements":"0.84101","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02026","scoring_system":"epss","scoring_elements":"0.84123","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02026","scoring_system":"epss","scoring_elements":"0.84126","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02026","scoring_system":"epss","scoring_elements":"0.84122","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02026","scoring_system":"epss","scoring_elements":"0.84111","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02026","scoring_system":"epss","scoring_elements":"0.84124","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617587","reference_id":"1617587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:343","reference_id":"RHSA-2005:343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:344","reference_id":"RHSA-2005:344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:344"},{"reference_url":"https://usn.ubuntu.com/108-1/","reference_id":"USN-108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96078?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0.22.0-7.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0.22.0-7.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-0891"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jx5x-gyv8-wkhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46903?format=json","vulnerability_id":"VCID-kbfc-y8ke-b3hh","summary":"Out-of-bounds Write\nIn GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48622.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-48622","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21843","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21806","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21923","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21911","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21864","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-48622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48622"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-26T19:23:51Z/"}],"url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071265","reference_id":"1071265","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071265"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2260545","reference_id":"2260545","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2260545"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48622","reference_id":"CVE-2022-48622","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48622"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3341","reference_id":"RHSA-2024:3341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3834","reference_id":"RHSA-2024:3834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3834"},{"reference_url":"https://usn.ubuntu.com/6806-1/","reference_id":"USN-6806-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6806-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96098?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96100?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2022-48622"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbfc-y8ke-b3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69870?format=json","vulnerability_id":"VCID-kvxr-678s-2kgq","summary":"GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29385.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-29385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29385","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57433","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70812","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.7077","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75389","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75402","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-29385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1927237","reference_id":"1927237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1927237"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166","reference_id":"977166","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977166"},{"reference_url":"https://security.archlinux.org/ASA-202012-19","reference_id":"ASA-202012-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-19"},{"reference_url":"https://security.archlinux.org/ASA-202012-20","reference_id":"ASA-202012-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-20"},{"reference_url":"https://security.archlinux.org/AVG-1328","reference_id":"AVG-1328","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1328"},{"reference_url":"https://security.archlinux.org/AVG-1329","reference_id":"AVG-1329","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1329"},{"reference_url":"https://security.gentoo.org/glsa/202012-15","reference_id":"GLSA-202012-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-15"},{"reference_url":"https://usn.ubuntu.com/4663-1/","reference_id":"USN-4663-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4663-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96093?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2020-29385"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kvxr-678s-2kgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63950?format=json","vulnerability_id":"VCID-mvcd-ajqf-2qax","summary":"gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5201.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5201","reference_id":"","reference_type":"","scores":[{"value":"0.00746","scoring_system":"epss","scoring_elements":"0.73438","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00746","scoring_system":"epss","scoring_elements":"0.73451","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75542","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00867","scoring_system":"epss","scoring_elements":"0.75546","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5201"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132501","reference_id":"1132501","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453291","reference_id":"2453291","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453291"},{"reference_url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304","reference_id":"304","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.3::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1","reference_id":"cpe:/o:redhat:enterprise_linux:10.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.2","reference_id":"cpe:/o:redhat:enterprise_linux:10.2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0","reference_id":"cpe:/o:redhat:enterprise_linux_eus:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-5201","reference_id":"CVE-2026-5201","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-5201"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10707","reference_id":"RHSA-2026:10707","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10707"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10708","reference_id":"RHSA-2026:10708","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10741","reference_id":"RHSA-2026:10741","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:10741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11325","reference_id":"RHSA-2026:11325","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:11325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11326","reference_id":"RHSA-2026:11326","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:11326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11327","reference_id":"RHSA-2026:11327","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:11327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11328","reference_id":"RHSA-2026:11328","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:11328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11806","reference_id":"RHSA-2026:11806","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:11806"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12060","reference_id":"RHSA-2026:12060","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12061","reference_id":"RHSA-2026:12061","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12062","reference_id":"RHSA-2026:12062","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12114","reference_id":"RHSA-2026:12114","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12114"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12115","reference_id":"RHSA-2026:12115","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12115"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16008","reference_id":"RHSA-2026:16008","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16009","reference_id":"RHSA-2026:16009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16030","reference_id":"RHSA-2026:16030","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19127","reference_id":"RHSA-2026:19127","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19210","reference_id":"RHSA-2026:19210","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19724","reference_id":"RHSA-2026:19724","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19725","reference_id":"RHSA-2026:19725","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:45:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19725"},{"reference_url":"https://usn.ubuntu.com/8156-1/","reference_id":"USN-8156-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8156-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96108?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96109?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2026-5201"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvcd-ajqf-2qax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3573?format=json","vulnerability_id":"VCID-mvnt-jfx6-tuh3","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46829.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-46829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46829","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61997","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62026","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62053","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62041","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62045","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44648"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46829"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2114940","reference_id":"2114940","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2114940"},{"reference_url":"https://security.archlinux.org/AVG-2786","reference_id":"AVG-2786","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2216","reference_id":"RHSA-2023:2216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2216"},{"reference_url":"https://usn.ubuntu.com/5554-1/","reference_id":"USN-5554-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5554-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96095?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96096?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.8%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.8%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-46829"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mvnt-jfx6-tuh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69843?format=json","vulnerability_id":"VCID-pkjt-anyv-hkfc","summary":"Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2976.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2976","reference_id":"","reference_type":"","scores":[{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82733","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82758","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82757","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82755","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82748","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.8276","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2976"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617772","reference_id":"1617772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617772"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431","reference_id":"339431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431"},{"reference_url":"https://security.gentoo.org/glsa/200511-14","reference_id":"GLSA-200511-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200511-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:810","reference_id":"RHSA-2005:810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:810"},{"reference_url":"https://usn.ubuntu.com/216-1/","reference_id":"USN-216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/216-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96079?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0.22.0-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0.22.0-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-2976"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkjt-anyv-hkfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2949?format=json","vulnerability_id":"VCID-qtnf-u4kt-ybav","summary":"Security researcher Gustavo Grieco reported a heap overflow\nin gdk-pixbuf affecting Linux systems using Gnome. This issue is\ntriggered by the scaling of a malformed bitmap format image and results in a\npotentially exploitable crash.\nThis issue only affects Linux systems running Gnome. Windows and\nOS X operating systems are unaffected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4491.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4491.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4491","reference_id":"","reference_type":"","scores":[{"value":"0.03692","scoring_system":"epss","scoring_elements":"0.8817","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03692","scoring_system":"epss","scoring_elements":"0.88149","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03692","scoring_system":"epss","scoring_elements":"0.88172","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03692","scoring_system":"epss","scoring_elements":"0.88187","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03692","scoring_system":"epss","scoring_elements":"0.88173","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4491"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252290","reference_id":"1252290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491","reference_id":"CVE-2015-4491","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491"},{"reference_url":"https://security.gentoo.org/glsa/201512-05","reference_id":"GLSA-201512-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-05"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-88","reference_id":"mfsa2015-88","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-88"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1682","reference_id":"RHSA-2015:1682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1694","reference_id":"RHSA-2015:1694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1694"},{"reference_url":"https://usn.ubuntu.com/2702-1/","reference_id":"USN-2702-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2702-1/"},{"reference_url":"https://usn.ubuntu.com/2712-1/","reference_id":"USN-2712-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2712-1/"},{"reference_url":"https://usn.ubuntu.com/2722-1/","reference_id":"USN-2722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2722-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96083?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.31.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.31.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-4491"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtnf-u4kt-ybav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69872?format=json","vulnerability_id":"VCID-ttc1-e11q-23hs","summary":"A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20240.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20240.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20240","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77944","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77971","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77957","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77978","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77968","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20240"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20240","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20240"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926787","reference_id":"1926787","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1926787"},{"reference_url":"https://usn.ubuntu.com/4743-1/","reference_id":"USN-4743-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4743-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96093?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2021-20240"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttc1-e11q-23hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69844?format=json","vulnerability_id":"VCID-uq15-6b83-vya1","summary":"Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3186.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3186","reference_id":"","reference_type":"","scores":[{"value":"0.02224","scoring_system":"epss","scoring_elements":"0.84817","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02224","scoring_system":"epss","scoring_elements":"0.8484","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02224","scoring_system":"epss","scoring_elements":"0.84844","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02224","scoring_system":"epss","scoring_elements":"0.84839","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02224","scoring_system":"epss","scoring_elements":"0.84828","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02224","scoring_system":"epss","scoring_elements":"0.84842","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3186"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617795","reference_id":"1617795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617795"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431","reference_id":"339431","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339431"},{"reference_url":"https://security.gentoo.org/glsa/200511-14","reference_id":"GLSA-200511-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200511-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:810","reference_id":"RHSA-2005:810","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:811","reference_id":"RHSA-2005:811","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:811"},{"reference_url":"https://usn.ubuntu.com/216-1/","reference_id":"USN-216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/216-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96079?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0.22.0-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0.22.0-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2005-3186"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uq15-6b83-vya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69868?format=json","vulnerability_id":"VCID-uwbw-sq6d-rbh3","summary":"Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6313.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6313.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6313","reference_id":"","reference_type":"","scores":[{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65072","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65119","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65113","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65101","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65114","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00473","scoring_system":"epss","scoring_elements":"0.65125","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6313"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6313","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6313"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427217","reference_id":"1427217","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427217"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856445","reference_id":"856445","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856445"},{"reference_url":"https://security.gentoo.org/glsa/201709-08","reference_id":"GLSA-201709-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-08"},{"reference_url":"https://usn.ubuntu.com/3532-1/","reference_id":"USN-3532-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3532-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96091?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.36.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.36.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-6313"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uwbw-sq6d-rbh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69847?format=json","vulnerability_id":"VCID-waea-yw4r-uue8","summary":"gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2897.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2897","reference_id":"","reference_type":"","scores":[{"value":"0.00985","scoring_system":"epss","scoring_elements":"0.77169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00985","scoring_system":"epss","scoring_elements":"0.77201","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00985","scoring_system":"epss","scoring_elements":"0.77211","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00985","scoring_system":"epss","scoring_elements":"0.77199","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00985","scoring_system":"epss","scoring_elements":"0.77189","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00985","scoring_system":"epss","scoring_elements":"0.7721","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2897"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=727081","reference_id":"727081","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=727081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96081?format=json","purl":"pkg:deb/debian/gdk-pixbuf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2011-2897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-waea-yw4r-uue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69860?format=json","vulnerability_id":"VCID-x9aj-kvkp-rye3","summary":"Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8875.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8875.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8875","reference_id":"","reference_type":"","scores":[{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69781","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.6982","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69829","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69809","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00598","scoring_system":"epss","scoring_elements":"0.69831","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8875"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8875"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1337063","reference_id":"1337063","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1337063"},{"reference_url":"https://usn.ubuntu.com/3085-1/","reference_id":"USN-3085-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3085-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96087?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.34.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.34.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-8875"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9aj-kvkp-rye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69869?format=json","vulnerability_id":"VCID-y22p-7rz5-1ffq","summary":"The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6314.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6314.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6314","reference_id":"","reference_type":"","scores":[{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63555","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63547","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63536","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63556","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6314"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6314","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6314"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427218","reference_id":"1427218","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427218"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856448","reference_id":"856448","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856448"},{"reference_url":"https://security.gentoo.org/glsa/201709-08","reference_id":"GLSA-201709-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-08"},{"reference_url":"https://usn.ubuntu.com/3532-1/","reference_id":"USN-3532-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3532-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96091?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.36.11-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.36.11-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2017-6314"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y22p-7rz5-1ffq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69858?format=json","vulnerability_id":"VCID-y52c-a5zt-r7hu","summary":"Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7674.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7674.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7674","reference_id":"","reference_type":"","scores":[{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77097","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77128","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77138","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77127","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77117","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77139","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7674"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268249","reference_id":"1268249","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1268249"},{"reference_url":"https://security.gentoo.org/glsa/201512-05","reference_id":"GLSA-201512-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-05"},{"reference_url":"https://usn.ubuntu.com/2767-1/","reference_id":"USN-2767-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2767-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/96086?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.32.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.32.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96074?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.2%2Bdfsg-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.2%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96072?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.10%2Bdfsg-1%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.10%252Bdfsg-1%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96076?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.42.12%2Bdfsg-4%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.42.12%252Bdfsg-4%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/96075?format=json","purl":"pkg:deb/debian/gdk-pixbuf@2.44.6%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}],"aliases":["CVE-2015-7674"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y52c-a5zt-r7hu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gdk-pixbuf@2.44.6%252Bdfsg-2%3Fdistro=trixie"}