{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","type":"deb","namespace":"debian","name":"tiff","version":"4.2.0-1+deb11u5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.5.0-6+deb12u4","latest_non_vulnerable_version":"4.7.1-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18803?format=json","vulnerability_id":"VCID-1hfc-b4qr-jqgk","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\nAn issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40090.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40090.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40090","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01658","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01634","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01641","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01639","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0155","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01553","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01557","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01564","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01544","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01532","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01547","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40090"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/455","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:40:16Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/455"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/386","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:40:16Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/386"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234970","reference_id":"2234970","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234970"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40090","reference_id":"CVE-2022-40090","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2289","reference_id":"RHSA-2024:2289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2289"},{"reference_url":"https://usn.ubuntu.com/6512-1/","reference_id":"USN-6512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2022-40090"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hfc-b4qr-jqgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74691?format=json","vulnerability_id":"VCID-1nme-2pjx-q7hp","summary":"libtiff: NULL pointer dereference in tif_dirinfo.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7006.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7006.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7006","reference_id":"","reference_type":"","scores":[{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66082","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00501","scoring_system":"epss","scoring_elements":"0.66084","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67684","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67672","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67638","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67673","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67685","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00541","scoring_system":"epss","scoring_elements":"0.67664","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70115","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70036","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70051","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70028","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70076","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70092","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078648","reference_id":"1078648","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078648"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302996","reference_id":"2302996","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302996"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb","reference_id":"cpe:/a:redhat:rhel_eus:9.2::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-7006","reference_id":"CVE-2024-7006","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-7006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6360","reference_id":"RHSA-2024:6360","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6360"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8833","reference_id":"RHSA-2024:8833","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8914","reference_id":"RHSA-2024:8914","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T02:10:18Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8914"},{"reference_url":"https://usn.ubuntu.com/6997-1/","reference_id":"USN-6997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6997-1/"},{"reference_url":"https://usn.ubuntu.com/6997-2/","reference_id":"USN-6997-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6997-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2024-7006"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nme-2pjx-q7hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18009?format=json","vulnerability_id":"VCID-2ds7-xq64-9ue2","summary":"NULL Pointer Dereference\nA NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3316","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05658","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0569","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05697","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0573","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05757","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05735","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05721","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06223","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06263","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06254","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06208","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3316"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216080","reference_id":"2216080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216080"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/468","reference_id":"468","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/468"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/515","reference_id":"515","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3316","reference_id":"CVE-2023-3316","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3316"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T21:09:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6229-1/","reference_id":"USN-6229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6229-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2023-3316"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ds7-xq64-9ue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19682?format=json","vulnerability_id":"VCID-38sj-85gt-sfhe","summary":"Out-of-bounds Write\nA heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3164.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3164","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01184","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01099","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01111","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0118","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01183","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0119","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01116","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01122","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01128","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01112","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01108","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3164"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213531","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-08T17:05:44Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3164"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/542","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-08T17:05:44Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/542"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3164","reference_id":"CVE-2023-3164","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2023-12-08T17:05:44Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-3164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3164","reference_id":"CVE-2023-3164","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3164"},{"reference_url":"https://usn.ubuntu.com/6827-1/","reference_id":"USN-6827-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6827-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2023-3164"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38sj-85gt-sfhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17138?format=json","vulnerability_id":"VCID-4mhv-7vrm-v7hv","summary":"Out-of-bounds Read\nA flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1916.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1916","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03478","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03439","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03562","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03569","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03575","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03529","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03552","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03508","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03427","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04334","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04356","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05966","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1916"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/536","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/536"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/536,","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/536,"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/537","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/537"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185074","reference_id":"2185074","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185074"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1916","reference_id":"CVE-2023-1916","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1916"},{"reference_url":"https://usn.ubuntu.com/6428-1/","reference_id":"USN-6428-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6428-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2023-1916"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mhv-7vrm-v7hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18129?format=json","vulnerability_id":"VCID-6dt6-ppka-b3ct","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26966","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07301","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07297","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07283","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07273","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07203","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07198","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07323","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07282","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07241","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0722","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07274","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08031","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08398","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08366","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26966"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/530","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/530"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/473","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/473"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218749","reference_id":"2218749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218749"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26966","reference_id":"CVE-2023-26966","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26966"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T15:42:13Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6229-1/","reference_id":"USN-6229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6229-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2023-26966"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dt6-ppka-b3ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64440?format=json","vulnerability_id":"VCID-7zdy-fxq2-p7gf","summary":"libtiff: libtiff: Denial of service via double free in tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61145.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61145","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02005","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02001","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01979","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01981","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02066","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0205","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02046","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02022","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02018","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02019","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02036","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289","reference_id":"062f109569196dbffd8ac12020b42289","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:28:55Z/"}],"url":"https://gist.github.com/optionGo/062f109569196dbffd8ac12020b42289"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441975","reference_id":"2441975","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441975"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/736","reference_id":"736","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:28:55Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/736"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/753","reference_id":"753","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:28:55Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7504","reference_id":"RHSA-2026:7504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7504"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1059999?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1054005?format=json","purl":"pkg:deb/debian/tiff@4.7.1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2"}],"aliases":["CVE-2025-61145"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zdy-fxq2-p7gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64441?format=json","vulnerability_id":"VCID-9grz-pkwb-3kc5","summary":"libtiff: libtiff: Denial of Service via buffer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61144.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61144.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61144","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08572","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08595","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08542","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08615","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0864","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08637","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08614","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08601","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08625","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08636","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08589","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08624","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61144"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/09f53a86cf26dfd961925227e59e180db617f26d","reference_id":"09f53a86cf26dfd961925227e59e180db617f26d","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/09f53a86cf26dfd961925227e59e180db617f26d"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441977","reference_id":"2441977","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441977"},{"reference_url":"https://gist.github.com/optionGo/5ad17e96a0a40f03578dd6c9f8645952","reference_id":"5ad17e96a0a40f03578dd6c9f8645952","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/"}],"url":"https://gist.github.com/optionGo/5ad17e96a0a40f03578dd6c9f8645952"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/740","reference_id":"740","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/740"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/757","reference_id":"757","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/757"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa","reference_id":"88cf9dbb48f6e172629795ecffae35d5052f68aa","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-25T14:26:52Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7504","reference_id":"RHSA-2026:7504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7504"},{"reference_url":"https://usn.ubuntu.com/8113-1/","reference_id":"USN-8113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1059999?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/994559?format=json","purl":"pkg:deb/debian/tiff@4.7.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1054005?format=json","purl":"pkg:deb/debian/tiff@4.7.1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2"}],"aliases":["CVE-2025-61144"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9grz-pkwb-3kc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20635?format=json","vulnerability_id":"VCID-a8jf-xmj8-cuh6","summary":"This advisory is a False-Positive and has been removed as it only impacted documentation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52355.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52355","reference_id":"","reference_type":"","scores":[{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.799","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79845","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79848","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79877","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79884","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79774","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79811","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79819","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79841","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79817","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01313","scoring_system":"epss","scoring_elements":"0.79844","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52355"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251326","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52355"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/621","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/621"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-52355","reference_id":"CVE-2023-52355","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-52355"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52355","reference_id":"CVE-2023-52355","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20801","reference_id":"RHSA-2025:20801","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:20801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21994","reference_id":"RHSA-2025:21994","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:49:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2023-52355"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8jf-xmj8-cuh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68445?format=json","vulnerability_id":"VCID-b4hb-cxzy-suck","summary":"libtiff: LibTIFF Null Pointer Dereference","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13978.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-13978","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10397","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10464","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11597","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11395","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11561","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11586","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11527","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11441","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14502","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14469","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14397","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.145","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16241","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-13978"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13978"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111323","reference_id":"1111323","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111323"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386059","reference_id":"2386059","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386059"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4","reference_id":"2ebfffb0e8836bfb1cd7d85c059cd285c59761a4","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/649","reference_id":"649","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/649"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/667","reference_id":"667","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/667"},{"reference_url":"https://vuldb.com/?ctiid.318355","reference_id":"?ctiid.318355","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/"}],"url":"https://vuldb.com/?ctiid.318355"},{"reference_url":"https://vuldb.com/?id.318355","reference_id":"?id.318355","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/"}],"url":"https://vuldb.com/?id.318355"},{"reference_url":"https://vuldb.com/?submit.624562","reference_id":"?submit.624562","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/"}],"url":"https://vuldb.com/?submit.624562"},{"reference_url":"http://www.libtiff.org/","reference_id":"www.libtiff.org","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T14:24:36Z/"}],"url":"http://www.libtiff.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2024-13978"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4hb-cxzy-suck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68403?format=json","vulnerability_id":"VCID-d8kh-h6vs-gqd4","summary":"libtiff: LibTIFF memory corruption","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8961.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8961","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11003","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10888","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1102","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11017","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10964","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11065","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10844","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1083","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10966","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10989","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11966","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12065","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12099","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12119","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8961"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111317","reference_id":"1111317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111317"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388541","reference_id":"2388541","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388541"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/721","reference_id":"721","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/721"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960","reference_id":"721#note_2670686960","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960"},{"reference_url":"https://vuldb.com/?ctiid.319955","reference_id":"?ctiid.319955","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/"}],"url":"https://vuldb.com/?ctiid.319955"},{"reference_url":"https://vuldb.com/?id.319955","reference_id":"?id.319955","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/"}],"url":"https://vuldb.com/?id.319955"},{"reference_url":"https://vuldb.com/?submit.627957","reference_id":"?submit.627957","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/"}],"url":"https://vuldb.com/?submit.627957"},{"reference_url":"https://usn.ubuntu.com/7783-1/","reference_id":"USN-7783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7783-1/"},{"reference_url":"https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/"}],"url":"https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing"},{"reference_url":"http://www.libtiff.org/","reference_id":"www.libtiff.org","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:20:40Z/"}],"url":"http://www.libtiff.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2025-8961"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d8kh-h6vs-gqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68438?format=json","vulnerability_id":"VCID-dg96-zmw1-8kcp","summary":"libtiff: Libtiff Null Pointer Dereference Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8534.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8534.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8534","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09317","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09367","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09354","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09278","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10475","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10445","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1025","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10408","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10431","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13195","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1322","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13091","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13225","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8534"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386450","reference_id":"2386450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386450"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b","reference_id":"6ba36f159fd396ad11bf6b7874554197736ecc8b","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/718","reference_id":"718","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/718"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/746","reference_id":"746","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/746"},{"reference_url":"https://vuldb.com/?ctiid.318664","reference_id":"?ctiid.318664","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/"}],"url":"https://vuldb.com/?ctiid.318664"},{"reference_url":"https://vuldb.com/?id.318664","reference_id":"?id.318664","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/"}],"url":"https://vuldb.com/?id.318664"},{"reference_url":"https://vuldb.com/?submit.617831","reference_id":"?submit.617831","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/"}],"url":"https://vuldb.com/?submit.617831"},{"reference_url":"https://usn.ubuntu.com/7707-1/","reference_id":"USN-7707-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7707-1/"},{"reference_url":"https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link","reference_id":"view?usp=drive_link","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/"}],"url":"https://drive.google.com/file/d/15JPA3kLYiYD-nRNJ8y8HmnYjhv9NE7k6/view?usp=drive_link"},{"reference_url":"http://www.libtiff.org/","reference_id":"www.libtiff.org","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-05T15:26:00Z/"}],"url":"http://www.libtiff.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1059999?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/994559?format=json","purl":"pkg:deb/debian/tiff@4.7.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1054005?format=json","purl":"pkg:deb/debian/tiff@4.7.1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2"}],"aliases":["CVE-2025-8534"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dg96-zmw1-8kcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13532?format=json","vulnerability_id":"VCID-h9ap-xxmw-j7dr","summary":"Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1056.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1056","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17272","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17486","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17266","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17357","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17429","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17381","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17327","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23084","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23077","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22859","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22869","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22864","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1056"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/391","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/391"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/307","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/307"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2233599","reference_id":"2233599","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2233599"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1056","reference_id":"CVE-2022-1056","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1056"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json","reference_id":"CVE-2022-1056.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1056.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2022-1056"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9ap-xxmw-j7dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18138?format=json","vulnerability_id":"VCID-k8kt-55y9-qyac","summary":"NULL Pointer Dereference\nA null pointer dereference issue was discovered in Libtiff's tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2908.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2908","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0239","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02294","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02289","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02305","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02307","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02321","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02339","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02317","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02318","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02314","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02312","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02369","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02838","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0278","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2908"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218830","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2908"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/479","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/479"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-2908","reference_id":"CVE-2023-2908","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-2908"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2908","reference_id":"CVE-2023-2908","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2908"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230731-0004/","reference_id":"ntap-20230731-0004","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-28T13:04:03Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230731-0004/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2023-2908"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8kt-55y9-qyac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67453?format=json","vulnerability_id":"VCID-n3ta-dm1y-gya5","summary":"libtiff: Libtiff Write-What-Where","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9900.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9900","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1073","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10838","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10767","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10784","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10695","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10819","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10844","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10876","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10863","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10902","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10806","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11566","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12031","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9900"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392784","reference_id":"2392784","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392784"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/704","reference_id":"704","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/704"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/732","reference_id":"732","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/732"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_aus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb","reference_id":"cpe:/a:redhat:rhel_eus:9.4::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream","reference_id":"cpe:/a:redhat:rhel_tus:8.8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1","reference_id":"cpe:/o:redhat:enterprise_linux:10.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-9900","reference_id":"CVE-2025-9900","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-9900"},{"reference_url":"https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file","reference_id":"LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17651","reference_id":"RHSA-2025:17651","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:17651"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17675","reference_id":"RHSA-2025:17675","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:17675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17710","reference_id":"RHSA-2025:17710","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:17710"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17738","reference_id":"RHSA-2025:17738","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:17738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17739","reference_id":"RHSA-2025:17739","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:17739"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17740","reference_id":"RHSA-2025:17740","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:17740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19113","reference_id":"RHSA-2025:19113","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19156","reference_id":"RHSA-2025:19156","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19156"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19276","reference_id":"RHSA-2025:19276","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19906","reference_id":"RHSA-2025:19906","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19947","reference_id":"RHSA-2025:19947","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:19947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20956","reference_id":"RHSA-2025:20956","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:20956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20998","reference_id":"RHSA-2025:20998","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:20998"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21060","reference_id":"RHSA-2025:21060","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21061","reference_id":"RHSA-2025:21061","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21062","reference_id":"RHSA-2025:21062","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21407","reference_id":"RHSA-2025:21407","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21506","reference_id":"RHSA-2025:21506","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21507","reference_id":"RHSA-2025:21507","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21508","reference_id":"RHSA-2025:21508","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21994","reference_id":"RHSA-2025:21994","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0001","reference_id":"RHSA-2026:0001","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0076","reference_id":"RHSA-2026:0076","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0077","reference_id":"RHSA-2026:0077","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0078","reference_id":"RHSA-2026:0078","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7504","reference_id":"RHSA-2026:7504","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7504"},{"reference_url":"https://usn.ubuntu.com/7783-1/","reference_id":"USN-7783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7783-1/"},{"reference_url":"https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html","reference_id":"v4.7.1.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-24T03:55:16Z/"}],"url":"https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2025-9900"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n3ta-dm1y-gya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68415?format=json","vulnerability_id":"VCID-ndc5-qn5u-3qbq","summary":"libtiff: LibTIFF Stack-based buffer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8851.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8851.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8851","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05247","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05338","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05305","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05316","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05328","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05279","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0536","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05747","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05964","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05928","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.059","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05755","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07328","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8851"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387618","reference_id":"2387618","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387618"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3","reference_id":"8a7a48d7a645992ca83062b3a1873c951661e2b3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3"},{"reference_url":"https://vuldb.com/?ctiid.319382","reference_id":"?ctiid.319382","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/"}],"url":"https://vuldb.com/?ctiid.319382"},{"reference_url":"https://vuldb.com/?id.319382","reference_id":"?id.319382","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/"}],"url":"https://vuldb.com/?id.319382"},{"reference_url":"https://vuldb.com/?submit.624604","reference_id":"?submit.624604","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/"}],"url":"https://vuldb.com/?submit.624604"},{"reference_url":"https://usn.ubuntu.com/7707-1/","reference_id":"USN-7707-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7707-1/"},{"reference_url":"http://www.libtiff.org/","reference_id":"www.libtiff.org","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T17:32:45Z/"}],"url":"http://www.libtiff.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2025-8851"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndc5-qn5u-3qbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17889?format=json","vulnerability_id":"VCID-ndwc-beev-43ck","summary":"Out-of-bounds Write\nloadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26965","reference_id":"","reference_type":"","scores":[{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00733","published_at":"2026-04-02T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00736","published_at":"2026-04-07T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0073","published_at":"2026-04-04T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00735","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00726","published_at":"2026-04-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00796","published_at":"2026-04-13T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.008","published_at":"2026-04-18T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00795","published_at":"2026-04-16T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00844","published_at":"2026-04-29T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00801","published_at":"2026-04-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00846","published_at":"2026-04-24T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00845","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26965"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/472","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/472"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215206","reference_id":"2215206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215206"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26965","reference_id":"CVE-2023-26965","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26965"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0009/","reference_id":"ntap-20230706-0009","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:22:37Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230706-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6229-1/","reference_id":"USN-6229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6229-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2023-26965"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndwc-beev-43ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64442?format=json","vulnerability_id":"VCID-r186-xqyn-ffey","summary":"libtiff: libtiff: Denial of Service via NULL pointer dereference in tif_open.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61143.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61143","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02099","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02134","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02077","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02051","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02065","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02149","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02115","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02108","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02106","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02102","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02096","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-61143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441978","reference_id":"2441978","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441978"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/737","reference_id":"737","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/737"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/755","reference_id":"755","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/755"},{"reference_url":"https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa","reference_id":"9c024cd8e7b131463b84dc60af9bb0aa","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T14:23:47Z/"}],"url":"https://gist.github.com/optionGo/9c024cd8e7b131463b84dc60af9bb0aa"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7504","reference_id":"RHSA-2026:7504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7504"},{"reference_url":"https://usn.ubuntu.com/8113-1/","reference_id":"USN-8113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8113-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1059999?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/994559?format=json","purl":"pkg:deb/debian/tiff@4.7.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1054005?format=json","purl":"pkg:deb/debian/tiff@4.7.1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2"}],"aliases":["CVE-2025-61143"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r186-xqyn-ffey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78095?format=json","vulnerability_id":"VCID-rp7t-x7gz-9udg","summary":"libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6228.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6228.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6228","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03369","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03381","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03398","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03401","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03423","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03382","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03355","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03307","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03318","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03435","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0342","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03426","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03471","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6228"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6228"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240995","reference_id":"2240995","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240995"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2289","reference_id":"RHSA-2024:2289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2289"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5079","reference_id":"RHSA-2024:5079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5079"},{"reference_url":"https://usn.ubuntu.com/6644-1/","reference_id":"USN-6644-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6644-1/"},{"reference_url":"https://usn.ubuntu.com/6644-2/","reference_id":"USN-6644-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6644-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2023-6228"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp7t-x7gz-9udg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68486?format=json","vulnerability_id":"VCID-sqxq-hg7v-d7gv","summary":"libtiff: LibTIFF Buffer Overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8177.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8177","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05168","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0527","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05251","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05219","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.065","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06493","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07513","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07429","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07461","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8177"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383608","reference_id":"2383608","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383608"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/715","reference_id":"715","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/715"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/737","reference_id":"737","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/737"},{"reference_url":"https://vuldb.com/?ctiid.317591","reference_id":"?ctiid.317591","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/"}],"url":"https://vuldb.com/?ctiid.317591"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22","reference_id":"e8c9d6c616b19438695fd829e58ae4fde5bfbc22","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22"},{"reference_url":"https://vuldb.com/?id.317591","reference_id":"?id.317591","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/"}],"url":"https://vuldb.com/?id.317591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21407","reference_id":"RHSA-2025:21407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21407"},{"reference_url":"https://vuldb.com/?submit.621797","reference_id":"?submit.621797","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/"}],"url":"https://vuldb.com/?submit.621797"},{"reference_url":"https://usn.ubuntu.com/7707-1/","reference_id":"USN-7707-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7707-1/"},{"reference_url":"http://www.libtiff.org/","reference_id":"www.libtiff.org","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T18:34:41Z/"}],"url":"http://www.libtiff.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1059999?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1054005?format=json","purl":"pkg:deb/debian/tiff@4.7.1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2"}],"aliases":["CVE-2025-8177"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqxq-hg7v-d7gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64120?format=json","vulnerability_id":"VCID-ttb7-w41r-4kfn","summary":"libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4775","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09462","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10702","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11774","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1186","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23888","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23898","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23945","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24077","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23926","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23972","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23989","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.24038","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26266","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632","reference_id":"1132632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450768","reference_id":"2450768","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450768"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1","reference_id":"cpe:/a:redhat:hummingbird:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1","reference_id":"cpe:/o:redhat:enterprise_linux:10.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4775","reference_id":"CVE-2026-4775","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12265","reference_id":"RHSA-2026:12265","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-24T15:07:35Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:12265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12271","reference_id":"RHSA-2026:12271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12271"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1059999?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1054005?format=json","purl":"pkg:deb/debian/tiff@4.7.1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2"}],"aliases":["CVE-2026-4775"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttb7-w41r-4kfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20633?format=json","vulnerability_id":"VCID-ua38-ur2u-eues","summary":"Out-of-bounds Write\nA segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52356.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52356","reference_id":"","reference_type":"","scores":[{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.69868","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72436","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72848","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72831","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72823","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72864","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72771","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72917","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72824","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.7281","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00849","scoring_system":"epss","scoring_elements":"0.74896","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-52356"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251344","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52356"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/622","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/622"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/546","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/546"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524","reference_id":"1061524","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061524"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9","reference_id":"cpe:/a:redhat:ai_inference_server:3.3::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9","reference_id":"cpe:/a:redhat:discovery:2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb","reference_id":"cpe:/a:redhat:enterprise_linux:8::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb","reference_id":"cpe:/a:redhat:rhel_eus:9.6::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10","reference_id":"cpe:/o:redhat:enterprise_linux:10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1","reference_id":"cpe:/o:redhat:enterprise_linux:10.1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0","reference_id":"cpe:/o:redhat:enterprise_linux_eus:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-52356","reference_id":"CVE-2023-52356","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-52356"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52356","reference_id":"CVE-2023-52356","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52356"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5079","reference_id":"RHSA-2024:5079","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:5079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20801","reference_id":"RHSA-2025:20801","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:20801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21994","reference_id":"RHSA-2025:21994","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5958","reference_id":"RHSA-2026:5958","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:5958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7081","reference_id":"RHSA-2026:7081","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7081"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7304","reference_id":"RHSA-2026:7304","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7304"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7335","reference_id":"RHSA-2026:7335","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:7335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-28T01:27:48Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://usn.ubuntu.com/6644-1/","reference_id":"USN-6644-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6644-1/"},{"reference_url":"https://usn.ubuntu.com/6644-2/","reference_id":"USN-6644-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6644-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2023-52356"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ua38-ur2u-eues"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77973?format=json","vulnerability_id":"VCID-ukgj-45m7-6uba","summary":"libtiff: Out-of-memory in TIFFOpen via a craft file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6277.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6277","reference_id":"","reference_type":"","scores":[{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.88062","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.87979","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.88025","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.88035","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.88028","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.88041","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.8804","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.88039","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.88057","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.87993","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.87998","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0375","scoring_system":"epss","scoring_elements":"0.88019","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6277"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056751","reference_id":"1056751","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251311","reference_id":"2251311","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:20:31Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251311"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/545","reference_id":"545","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:20:31Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/545"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/614","reference_id":"614","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:20:31Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/614"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6277","reference_id":"CVE-2023-6277","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-17T17:20:31Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6277"},{"reference_url":"https://usn.ubuntu.com/6644-1/","reference_id":"USN-6644-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6644-1/"},{"reference_url":"https://usn.ubuntu.com/6644-2/","reference_id":"USN-6644-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6644-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2023-6277"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukgj-45m7-6uba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18361?format=json","vulnerability_id":"VCID-v4rx-c1w4-pbb3","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nA flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3618","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43835","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44003","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44026","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43957","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44008","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4401","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44025","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44039","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4403","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43964","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.43916","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.4392","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3618"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215865","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/8a4f6b587be4fa7bb39fe17f5f9dec52182ab26e"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945","reference_id":"1040945","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040945"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9","reference_id":"cpe:/o:redhat:enterprise_linux:9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3618","reference_id":"CVE-2023-3618","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-3618"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3618","reference_id":"CVE-2023-3618","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3618"},{"reference_url":"https://support.apple.com/kb/HT214036","reference_id":"HT214036","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/"}],"url":"https://support.apple.com/kb/HT214036"},{"reference_url":"https://support.apple.com/kb/HT214037","reference_id":"HT214037","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/"}],"url":"https://support.apple.com/kb/HT214037"},{"reference_url":"https://support.apple.com/kb/HT214038","reference_id":"HT214038","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/"}],"url":"https://support.apple.com/kb/HT214038"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230824-0012/","reference_id":"ntap-20230824-0012","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:26:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230824-0012/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2289","reference_id":"RHSA-2024:2289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2289"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2023-3618"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4rx-c1w4-pbb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68487?format=json","vulnerability_id":"VCID-vju4-pghv-47bx","summary":"libtiff: LibTIFF Use-After-Free Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8176.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8176","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04648","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04672","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04732","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0472","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04686","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06044","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06001","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05993","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06027","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06035","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06901","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06918","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06895","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06924","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8176"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383598","reference_id":"2383598","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2383598"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/707","reference_id":"707","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/707"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/727","reference_id":"727","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/727"},{"reference_url":"https://vuldb.com/?ctiid.317590","reference_id":"?ctiid.317590","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/"}],"url":"https://vuldb.com/?ctiid.317590"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172","reference_id":"fe10872e53efba9cc36c66ac4ab3b41a839d5172","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"},{"reference_url":"https://vuldb.com/?id.317590","reference_id":"?id.317590","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/"}],"url":"https://vuldb.com/?id.317590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19113","reference_id":"RHSA-2025:19113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19113"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:19906","reference_id":"RHSA-2025:19906","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:19906"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20034","reference_id":"RHSA-2025:20034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:20956","reference_id":"RHSA-2025:20956","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:20956"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21407","reference_id":"RHSA-2025:21407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21507","reference_id":"RHSA-2025:21507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21508","reference_id":"RHSA-2025:21508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21994","reference_id":"RHSA-2025:21994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23078","reference_id":"RHSA-2025:23078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23079","reference_id":"RHSA-2025:23079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23080","reference_id":"RHSA-2025:23080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0001","reference_id":"RHSA-2026:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0076","reference_id":"RHSA-2026:0076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0077","reference_id":"RHSA-2026:0077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0078","reference_id":"RHSA-2026:0078","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0078"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3461","reference_id":"RHSA-2026:3461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3462","reference_id":"RHSA-2026:3462","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3462"},{"reference_url":"https://vuldb.com/?submit.621796","reference_id":"?submit.621796","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/"}],"url":"https://vuldb.com/?submit.621796"},{"reference_url":"https://usn.ubuntu.com/7707-1/","reference_id":"USN-7707-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7707-1/"},{"reference_url":"http://www.libtiff.org/","reference_id":"www.libtiff.org","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-28T14:28:44Z/"}],"url":"http://www.libtiff.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1059999?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1054005?format=json","purl":"pkg:deb/debian/tiff@4.7.1-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.1-2"}],"aliases":["CVE-2025-8176"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vju4-pghv-47bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17674?format=json","vulnerability_id":"VCID-vrtj-45t6-cqec","summary":"Out-of-bounds Write\nA vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30775.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30775","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1942","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19563","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19575","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1947","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23223","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23346","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.2324","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23174","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23297","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23319","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23281","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30775"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187141","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:29:52Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/464","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:29:52Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/464"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-30775","reference_id":"CVE-2023-30775","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:29:52Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-30775"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30775","reference_id":"CVE-2023-30775","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30775"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230703-0002/","reference_id":"ntap-20230703-0002","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:29:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230703-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2023-30775"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrtj-45t6-cqec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68282?format=json","vulnerability_id":"VCID-yfxw-tmnn-byc6","summary":"libtiff: LibTIFF memory leak","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9165.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9165.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9165","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0838","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08437","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08294","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08416","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08443","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08356","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08433","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09261","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09204","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-9165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9165"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111878","reference_id":"1111878","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111878"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2389574","reference_id":"2389574","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2389574"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/728","reference_id":"728","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/728"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/747","reference_id":"747","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/747"},{"reference_url":"https://vuldb.com/?ctiid.320543","reference_id":"?ctiid.320543","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"https://vuldb.com/?ctiid.320543"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0","reference_id":"ed141286a37f6e5ddafb5069347ff5d587e7a4e0","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0"},{"reference_url":"https://vuldb.com/?id.320543","reference_id":"?id.320543","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"https://vuldb.com/?id.320543"},{"reference_url":"https://vuldb.com/?submit.630506","reference_id":"?submit.630506","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"https://vuldb.com/?submit.630506"},{"reference_url":"https://vuldb.com/?submit.630507","reference_id":"?submit.630507","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"https://vuldb.com/?submit.630507"},{"reference_url":"https://usn.ubuntu.com/7783-1/","reference_id":"USN-7783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7783-1/"},{"reference_url":"https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing","reference_id":"view?usp=sharing","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing"},{"reference_url":"http://www.libtiff.org/","reference_id":"www.libtiff.org","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T20:31:35Z/"}],"url":"http://www.libtiff.org/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1068108?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994558?format=json","purl":"pkg:deb/debian/tiff@4.7.0-3%2Bdeb13u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-vju4-pghv-47bx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.7.0-3%252Bdeb13u1"}],"aliases":["CVE-2025-9165"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yfxw-tmnn-byc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18135?format=json","vulnerability_id":"VCID-z1vf-mhw2-ducs","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25433.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25433","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06633","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06643","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07226","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07307","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07302","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07202","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07247","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07289","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07209","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0761","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07641","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25433"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/520","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/520"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/467","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/467"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218744","reference_id":"2218744","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25433","reference_id":"CVE-2023-25433","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25433"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html","reference_id":"msg00034.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:30:31Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5079","reference_id":"RHSA-2024:5079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5079"},{"reference_url":"https://usn.ubuntu.com/6229-1/","reference_id":"USN-6229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6229-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994557?format=json","purl":"pkg:deb/debian/tiff@4.5.0-6%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-yfxw-tmnn-byc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.5.0-6%252Bdeb12u3"}],"aliases":["CVE-2023-25433"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1vf-mhw2-ducs"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19276?format=json","vulnerability_id":"VCID-15g8-3ryu-h3ga","summary":"Integer Overflow or Wraparound\nA vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41175.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41175","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51572","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51675","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51655","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51606","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51612","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56787","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56816","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56828","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56805","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56784","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56815","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56767","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.56764","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-41175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235264","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235264"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb","reference_id":"cpe:/a:redhat:enterprise_linux:9::crb","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::crb"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-41175","reference_id":"CVE-2023-41175","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-41175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41175","reference_id":"CVE-2023-41175","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2289","reference_id":"RHSA-2024:2289","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-29T19:34:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2289"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-41175"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15g8-3ryu-h3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14383?format=json","vulnerability_id":"VCID-1mh3-q3y5-qyg1","summary":"Out-of-bounds Read\nLibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1622.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1622","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28448","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28028","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28219","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28107","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28542","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28585","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28387","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28453","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28495","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28497","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28405","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.2842","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28398","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.28345","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/410","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/410"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084269","reference_id":"2084269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084269"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1622","reference_id":"CVE-2022-1622","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1622"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json","reference_id":"CVE-2022-1622.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1622.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-1622"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mh3-q3y5-qyg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13265?format=json","vulnerability_id":"VCID-25fx-7kmb-fqhm","summary":"Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0924.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0924","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18072","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18084","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18116","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18023","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17999","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18082","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18166","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18222","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18226","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18179","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24564","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24601","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24438","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/278","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/278"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/311","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/311"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064148","reference_id":"2064148","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064148"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0924","reference_id":"CVE-2022-0924","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0924"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json","reference_id":"CVE-2022-0924.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0924.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-0924"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25fx-7kmb-fqhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16438?format=json","vulnerability_id":"VCID-2u8w-cy3j-9fen","summary":"Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0800","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07234","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07256","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07311","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07338","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07243","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07365","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07329","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/496","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/496"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170167","reference_id":"2170167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170167"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0800","reference_id":"CVE-2023-0800","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0800"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json","reference_id":"CVE-2023-0800.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0002/","reference_id":"ntap-20230316-0002","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:01:02Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5353","reference_id":"RHSA-2023:5353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5353"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0800"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u8w-cy3j-9fen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19277?format=json","vulnerability_id":"VCID-3wfj-nc9t-xfgp","summary":"Integer Overflow or Wraparound\nLibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40745.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40745","reference_id":"","reference_type":"","scores":[{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51401","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51503","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51481","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51434","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5144","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56671","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.5665","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56681","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56688","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56632","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56653","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56683","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235265","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235265"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-40745","reference_id":"CVE-2023-40745","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2023-40745"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40745","reference_id":"CVE-2023-40745","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2289","reference_id":"RHSA-2024:2289","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2289"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-40745"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3wfj-nc9t-xfgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79310?format=json","vulnerability_id":"VCID-44ee-ueju-ykae","summary":"libtiff: division by zero issues in tiffcrop","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2057.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2057.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2057","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25652","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25763","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25699","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25771","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25904","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25805","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25808","published_at":"2026-04-16T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27786","published_at":"2026-04-02T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27824","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/427","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/427"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/346","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494","reference_id":"1014494","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2103222","reference_id":"2103222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2103222"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2057","reference_id":"CVE-2022-2057","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2057"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json","reference_id":"CVE-2022-2057.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2057.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0302","reference_id":"RHSA-2023:0302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0302"},{"reference_url":"https://usn.ubuntu.com/5619-1/","reference_id":"USN-5619-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5619-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2057"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44ee-ueju-ykae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16452?format=json","vulnerability_id":"VCID-44zu-mtmq-57cm","summary":"Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0801","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07234","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07256","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07311","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07338","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07243","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07365","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07329","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/498","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/498"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170172","reference_id":"2170172","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170172"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0801","reference_id":"CVE-2023-0801","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0801"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json","reference_id":"CVE-2023-0801.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0002/","reference_id":"ntap-20230316-0002","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:00:40Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5353","reference_id":"RHSA-2023:5353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5353"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0801"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44zu-mtmq-57cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79411?format=json","vulnerability_id":"VCID-48tr-y71p-7fbb","summary":"libtiff: Assertion fail in rotateImage() function at tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2520.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2520","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17852","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17911","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17887","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18202","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18256","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17957","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18043","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18104","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18113","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1807","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1802","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17962","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17973","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18005","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/424","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/424"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/378","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670","reference_id":"1024670","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122792","reference_id":"2122792","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122792"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2520","reference_id":"CVE-2022-2520","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0302","reference_id":"RHSA-2023:0302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0302"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2520"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-48tr-y71p-7fbb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16434?format=json","vulnerability_id":"VCID-4egk-vvjq-dyhw","summary":"Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0795","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02005","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02067","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0203","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01995","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01973","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02039","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/493","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/493"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170119","reference_id":"2170119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170119"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0795","reference_id":"CVE-2023-0795","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0795"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json","reference_id":"CVE-2023-0795.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0003/","reference_id":"ntap-20230316-0003","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:12:34Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0795"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4egk-vvjq-dyhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13252?format=json","vulnerability_id":"VCID-4mq7-s2p6-yufr","summary":"Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0907.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0907","reference_id":"","reference_type":"","scores":[{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42924","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.4282","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42969","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42901","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42988","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42952","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43002","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43036","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.42985","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00206","scoring_system":"epss","scoring_elements":"0.43033","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/392","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/392"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/314","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/314"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064143","reference_id":"2064143","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064143"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0907","reference_id":"CVE-2022-0907","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0907"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json","reference_id":"CVE-2022-0907.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0907.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-0907"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mq7-s2p6-yufr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16450?format=json","vulnerability_id":"VCID-4pys-mah6-hfh6","summary":"Use After Free\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0799.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0799","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02715","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02852","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0273","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02737","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0274","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0276","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02731","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02712","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02692","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02702","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02816","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02806","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02794","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/494","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/494"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170162","reference_id":"2170162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170162"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0799","reference_id":"CVE-2023-0799","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0799"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json","reference_id":"CVE-2023-0799.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0003/","reference_id":"ntap-20230316-0003","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:34Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0799"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4pys-mah6-hfh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79413?format=json","vulnerability_id":"VCID-4srx-3gbk-eqd3","summary":"libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3626.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3626.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3626","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10954","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10876","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11009","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11006","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10952","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10977","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11479","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11505","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11509","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11632","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11588","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11548","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12237","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12191","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555","reference_id":"1022555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142741","reference_id":"2142741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142741"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047","reference_id":"236b7191f04c60d09ee836ae13b50f812c841047","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/426","reference_id":"426","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/426"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3626","reference_id":"CVE-2022-3626","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3626"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json","reference_id":"CVE-2022-3626.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230110-0001/","reference_id":"ntap-20230110-0001","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T15:00:37Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230110-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-3626"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4srx-3gbk-eqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12870?format=json","vulnerability_id":"VCID-5mak-1mkk-wkdg","summary":"NULL Pointer Dereference\nNull source pointer passed as an argument to `memcpy()` function within `TIFFFetchStripThing()` in `tif_dirread.c` in libtiff could lead to Denial of Service via crafted TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0561.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0561","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18283","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18461","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18404","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18418","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1844","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18342","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18326","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18425","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18505","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18557","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.1856","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18512","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27971","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28012","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27915","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/362","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054494","reference_id":"2054494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054494"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0561","reference_id":"CVE-2022-0561","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0561"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json","reference_id":"CVE-2022-0561.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-0561"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5mak-1mkk-wkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59341?format=json","vulnerability_id":"VCID-6cry-skqu-zke9","summary":"Multiple vulnerabilities have been found in LibTIFF, the worst of\n    which could result in the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35522.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35522","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13085","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1326","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1306","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13142","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13193","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13162","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13123","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13071","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12973","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12976","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13073","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13066","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13035","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1293","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932037","reference_id":"1932037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932037"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35522","reference_id":"CVE-2020-35522","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35522"},{"reference_url":"https://security.gentoo.org/glsa/202104-06","reference_id":"GLSA-202104-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4241","reference_id":"RHSA-2021:4241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4241"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2020-35522"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cry-skqu-zke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79860?format=json","vulnerability_id":"VCID-6kck-g3z6-cuge","summary":"libtiff: uint32_t underflow leads to out of bounds read and write in tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2867.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2867","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03602","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03423","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03542","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03549","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03511","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03512","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03536","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03462","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03437","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03412","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0743","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07472","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2118847","reference_id":"2118847","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2118847"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2867","reference_id":"CVE-2022-2867","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://usn.ubuntu.com/5604-1/","reference_id":"USN-5604-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5604-1/"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2867"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6kck-g3z6-cuge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59342?format=json","vulnerability_id":"VCID-6sb9-u71x-j7f5","summary":"Multiple vulnerabilities have been found in LibTIFF, the worst of\n    which could result in the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35523.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35523","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45379","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45569","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45566","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45431","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4544","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4547","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45525","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45527","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45546","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45516","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45521","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50258","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50287","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50218","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932040","reference_id":"1932040","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932040"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35523","reference_id":"CVE-2020-35523","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35523"},{"reference_url":"https://security.gentoo.org/glsa/202104-06","reference_id":"GLSA-202104-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4241","reference_id":"RHSA-2021:4241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4241"},{"reference_url":"https://usn.ubuntu.com/4755-1/","reference_id":"USN-4755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4755-1/"},{"reference_url":"https://usn.ubuntu.com/5841-1/","reference_id":"USN-5841-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5841-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2020-35523"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6sb9-u71x-j7f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59340?format=json","vulnerability_id":"VCID-6sx9-1yfw-63cg","summary":"Multiple vulnerabilities have been found in LibTIFF, the worst of\n    which could result in the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35521.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35521.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35521","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22025","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.2224","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22193","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22052","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22039","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22184","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22267","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22321","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22341","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.223","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22245","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30312","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.3036","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30283","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35521"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932034","reference_id":"1932034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932034"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35521","reference_id":"CVE-2020-35521","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35521"},{"reference_url":"https://security.gentoo.org/glsa/202104-06","reference_id":"GLSA-202104-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4241","reference_id":"RHSA-2021:4241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4241"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2020-35521"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6sx9-1yfw-63cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79575?format=json","vulnerability_id":"VCID-6wzx-7a3m-ufhm","summary":"libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3627.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3627.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3627","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07633","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07614","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08043","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08007","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07992","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0815","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08107","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08071","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08413","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0836","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555","reference_id":"1022555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142742","reference_id":"2142742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142742"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047","reference_id":"236b7191f04c60d09ee836ae13b50f812c841047","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/411","reference_id":"411","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/411"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3627","reference_id":"CVE-2022-3627","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3627"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json","reference_id":"CVE-2022-3627.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3627.json"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230110-0001/","reference_id":"ntap-20230110-0001","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T14:56:43Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230110-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2883","reference_id":"RHSA-2023:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2883"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-3627"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wzx-7a3m-ufhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14381?format=json","vulnerability_id":"VCID-72yx-48n1-jbfs","summary":"Out-of-bounds Read\nLibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1623.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1623","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.55978","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56157","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56145","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56133","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56151","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56089","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5614","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56823","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56865","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.56806","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/410","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/410"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084260","reference_id":"2084260","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2084260"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1623","reference_id":"CVE-2022-1623","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1623"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json","reference_id":"CVE-2022-1623.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1623.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-1623"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72yx-48n1-jbfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79410?format=json","vulnerability_id":"VCID-76g4-kacn-7yg7","summary":"libtiff: Double free or corruption in rotateImage() function at tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2519.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2519.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2519","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31241","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31448","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31322","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31775","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31819","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31638","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31689","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31718","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31722","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31681","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31644","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31678","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31657","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31625","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/423","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/423"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/378","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670","reference_id":"1024670","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122789","reference_id":"2122789","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122789"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2519","reference_id":"CVE-2022-2519","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0302","reference_id":"RHSA-2023:0302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0302"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2519"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76g4-kacn-7yg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79311?format=json","vulnerability_id":"VCID-8691-q4h3-eyaf","summary":"libtiff: division by zero issues in tiffcrop","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2058.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2058.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2058","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25652","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25763","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25699","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25771","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25904","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25805","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25808","published_at":"2026-04-16T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27786","published_at":"2026-04-02T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27824","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/428","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/428"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/346","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494","reference_id":"1014494","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2103222","reference_id":"2103222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2103222"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2058","reference_id":"CVE-2022-2058","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2058"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json","reference_id":"CVE-2022-2058.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2058.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0302","reference_id":"RHSA-2023:0302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0302"},{"reference_url":"https://usn.ubuntu.com/5619-1/","reference_id":"USN-5619-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5619-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2058"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8691-q4h3-eyaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17669?format=json","vulnerability_id":"VCID-9gqh-2uat-93c7","summary":"Out-of-bounds Write\nA vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30774","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06109","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05899","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0605","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06072","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06102","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06704","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06697","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06688","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06621","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06598","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06642","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06705","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30774"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187139","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2187139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30774"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/463","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/463"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-30774","reference_id":"CVE-2023-30774","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2023-30774"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30774","reference_id":"CVE-2023-30774","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-30774"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqh-2uat-93c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79412?format=json","vulnerability_id":"VCID-ap6w-9c6j-akdp","summary":"libtiff: Invalid pointer free operation in TIFFClose() at tif_close.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2521.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2521.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2521","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31241","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31448","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31322","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31775","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31819","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31638","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31689","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31718","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31722","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31681","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31644","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31678","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31657","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31625","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/422","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/422"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/378","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670","reference_id":"1024670","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122799","reference_id":"2122799","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122799"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2521","reference_id":"CVE-2022-2521","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2521"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0302","reference_id":"RHSA-2023:0302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0302"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2521"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ap6w-9c6j-akdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40058?format=json","vulnerability_id":"VCID-as9s-4ugc-ukgy","summary":"Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1354.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1354","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11193","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11395","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11188","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11268","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11323","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11329","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11295","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11269","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11131","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11133","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15747","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16367","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16261","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16257","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/319","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074404","reference_id":"2074404","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074404"},{"reference_url":"https://security.archlinux.org/AVG-2721","reference_id":"AVG-2721","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2721"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-1354","reference_id":"CVE-2022-1354","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2022-1354"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1354","reference_id":"CVE-2022-1354","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1354"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5619-1/","reference_id":"USN-5619-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5619-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-1354"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-as9s-4ugc-ukgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16440?format=json","vulnerability_id":"VCID-b33v-b6h4-cqfe","summary":"Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0804","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04817","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05029","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04842","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.0486","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04914","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04877","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04858","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04806","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04814","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04959","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.04992","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05032","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/497","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170192","reference_id":"2170192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170192"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0804","reference_id":"CVE-2023-0804","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0804"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json","reference_id":"CVE-2023-0804.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/","reference_id":"FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230324-0009/","reference_id":"ntap-20230324-0009","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T14:46:45Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230324-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5353","reference_id":"RHSA-2023:5353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5353"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0804"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b33v-b6h4-cqfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17517?format=json","vulnerability_id":"VCID-bnbg-7q6h-8uhs","summary":"Out-of-bounds Write\nBuffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.","references":[{"reference_url":"http://libtiff-release-v4-0-7.com","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/"}],"url":"http://libtiff-release-v4-0-7.com"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30086.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-30086.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30086","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23177","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23524","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23391","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23409","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23403","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23386","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23195","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23184","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23561","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23344","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23416","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23467","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23485","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30086"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/538","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/538"},{"reference_url":"http://tiffcp.com","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/"}],"url":"http://tiffcp.com"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2203650","reference_id":"2203650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2203650"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30086","reference_id":"CVE-2023-30086","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30086"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230616-0003/","reference_id":"ntap-20230616-0003","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T14:42:43Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230616-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-30086"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bnbg-7q6h-8uhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82581?format=json","vulnerability_id":"VCID-cbhv-yme7-buby","summary":"libtiff: buffer overflow in TIFFVGetField() in libtiff/tif_dir.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-19143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-19143","reference_id":"","reference_type":"","scores":[{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76583","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76586","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76615","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76627","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76639","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76666","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76636","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76677","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76681","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.7667","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76701","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76707","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.7672","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-19143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19143"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2003801","reference_id":"2003801","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2003801"},{"reference_url":"https://usn.ubuntu.com/5084-1/","reference_id":"USN-5084-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5084-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2020-19143"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbhv-yme7-buby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59344?format=json","vulnerability_id":"VCID-cm5h-b1g9-tkg9","summary":"Multiple vulnerabilities have been found in LibTIFF, the worst of\n    which could result in the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35524.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35524","reference_id":"","reference_type":"","scores":[{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.614","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61477","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61505","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61523","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61537","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61559","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61546","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61526","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61571","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61556","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61542","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61558","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00413","scoring_system":"epss","scoring_elements":"0.61553","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35524"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35524"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932044","reference_id":"1932044","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1932044"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35524","reference_id":"CVE-2020-35524","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35524"},{"reference_url":"https://security.gentoo.org/glsa/202104-06","reference_id":"GLSA-202104-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202104-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4241","reference_id":"RHSA-2021:4241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4241"},{"reference_url":"https://usn.ubuntu.com/4755-1/","reference_id":"USN-4755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4755-1/"},{"reference_url":"https://usn.ubuntu.com/5841-1/","reference_id":"USN-5841-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5841-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2020-35524"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm5h-b1g9-tkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16432?format=json","vulnerability_id":"VCID-cw7d-us77-2fhv","summary":"Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0796","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02005","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02067","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0203","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01995","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01973","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02039","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/499","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/499"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170146","reference_id":"2170146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0796","reference_id":"CVE-2023-0796","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0796"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json","reference_id":"CVE-2023-0796.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0003/","reference_id":"ntap-20230316-0003","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:11:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0796"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cw7d-us77-2fhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17945?format=json","vulnerability_id":"VCID-cwen-8yyj-x3aw","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25434.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25434.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25434","reference_id":"","reference_type":"","scores":[{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43312","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43294","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43326","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.43323","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00209","scoring_system":"epss","scoring_elements":"0.4326","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46498","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46538","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46549","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46575","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46547","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46556","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46613","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4661","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46557","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25434"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/519","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:18:44Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/519"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215209","reference_id":"2215209","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215209"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25434","reference_id":"CVE-2023-25434","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25434"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-25434"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwen-8yyj-x3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79628?format=json","vulnerability_id":"VCID-e6c2-ajs1-abdz","summary":"libtiff: out-of-bounds read in writeSingleSection in tools/tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3599.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3599.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3599","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10852","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10952","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10984","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10983","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10928","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11438","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11468","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1147","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11596","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1155","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11511","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12214","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12168","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555","reference_id":"1022555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142740","reference_id":"2142740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142740"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/398","reference_id":"398","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/398"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3599","reference_id":"CVE-2022-3599","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3599"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json","reference_id":"CVE-2022-3599.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3599.json"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230110-0001/","reference_id":"ntap-20230110-0001","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:34:19Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230110-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-3599"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6c2-ajs1-abdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13267?format=json","vulnerability_id":"VCID-gmhp-4yx2-gfbv","summary":"Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0909.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0909","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42396","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42254","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42405","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42341","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42337","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42467","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42497","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42435","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42486","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42495","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42518","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42451","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42476","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/393","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/393"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/310","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/310"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064146","reference_id":"2064146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064146"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0909","reference_id":"CVE-2022-0909","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0909"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json","reference_id":"CVE-2022-0909.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-0909"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmhp-4yx2-gfbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13221?format=json","vulnerability_id":"VCID-h6gn-kv5x-bbd5","summary":"Out-of-bounds Write\nA heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out-of-bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0891.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0891","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08006","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08054","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08185","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08139","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08082","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08105","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08097","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08157","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08179","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08172","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08153","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08136","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08041","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08026","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/380","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/380"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/382","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/382"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064411","reference_id":"2064411","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064411"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891","reference_id":"CVE-2022-0891","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0891"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json","reference_id":"CVE-2022-0891.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0891.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-0891"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6gn-kv5x-bbd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78885?format=json","vulnerability_id":"VCID-jdv4-3mf6-93hm","summary":"libtiff: integer overflow in function TIFFReadRGBATileExt of the file","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3970.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3970.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3970","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26732","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26891","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26798","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2679","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26847","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2677","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28622","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28727","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28688","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29027","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29209","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29096","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29854","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737","reference_id":"1024737","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024737"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2148918","reference_id":"2148918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2148918"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be","reference_id":"227500897dfb07fb7d27f7aa570050e62617e3be","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3970","reference_id":"CVE-2022-3970","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3970"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137","reference_id":"detail?id=53137","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137"},{"reference_url":"https://oss-fuzz.com/download?testcase_id=5738253143900160","reference_id":"download?testcase_id=5738253143900160","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/"}],"url":"https://oss-fuzz.com/download?testcase_id=5738253143900160"},{"reference_url":"https://support.apple.com/kb/HT213841","reference_id":"HT213841","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/"}],"url":"https://support.apple.com/kb/HT213841"},{"reference_url":"https://support.apple.com/kb/HT213843","reference_id":"HT213843","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/"}],"url":"https://support.apple.com/kb/HT213843"},{"reference_url":"https://vuldb.com/?id.213549","reference_id":"?id.213549","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/"}],"url":"https://vuldb.com/?id.213549"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221215-0009/","reference_id":"ntap-20221215-0009","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T16:57:45Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221215-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2883","reference_id":"RHSA-2023:2883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2883"},{"reference_url":"https://usn.ubuntu.com/5743-1/","reference_id":"USN-5743-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5743-1/"},{"reference_url":"https://usn.ubuntu.com/5743-2/","reference_id":"USN-5743-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5743-2/"},{"reference_url":"https://usn.ubuntu.com/5841-1/","reference_id":"USN-5841-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5841-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-3970"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jdv4-3mf6-93hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16157?format=json","vulnerability_id":"VCID-ju1t-bhyh-v7du","summary":"Out-of-bounds Write\nprocessCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-48281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-48281","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01158","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01091","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01093","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01099","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01104","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01089","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01077","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0116","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-48281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/488","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/488"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5333","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/"}],"url":"https://www.debian.org/security/2023/dsa-5333"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029653","reference_id":"1029653","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2163606","reference_id":"2163606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2163606"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48281","reference_id":"CVE-2022-48281","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48281"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230302-0004/","reference_id":"ntap-20230302-0004","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:03:44Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230302-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3827","reference_id":"RHSA-2023:3827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3827"},{"reference_url":"https://usn.ubuntu.com/5841-1/","reference_id":"USN-5841-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5841-1/"},{"reference_url":"https://usn.ubuntu.com/6290-1/","reference_id":"USN-6290-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6290-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-48281"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ju1t-bhyh-v7du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13250?format=json","vulnerability_id":"VCID-kpq7-5vsv-pucy","summary":"NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0908.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0908","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10543","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10569","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10703","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10653","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10651","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10687","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1075","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10609","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10682","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10737","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10752","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1072","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10558","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10575","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/383","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/383"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064145","reference_id":"2064145","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064145"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0908","reference_id":"CVE-2022-0908","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0908"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json","reference_id":"CVE-2022-0908.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0908.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-0908"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpq7-5vsv-pucy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12109?format=json","vulnerability_id":"VCID-mhwh-tsst-cfaj","summary":"Out-of-bounds Read\nLibTIFF has an out-of-bounds read in `_TIFFmemcpy` in `tif_unix.c` in certain situations involving a custom tag and `0x0200` as the second word of the `DE` field.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22844","reference_id":"","reference_type":"","scores":[{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18198","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18352","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18253","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18238","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18569","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18623","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18414","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18466","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18418","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18367","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18312","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00059","scoring_system":"epss","scoring_elements":"0.18325","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/355","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/355"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/287","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/287"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042603","reference_id":"2042603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2042603"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22844","reference_id":"CVE-2022-22844","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22844"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5523-1/","reference_id":"USN-5523-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-1/"},{"reference_url":"https://usn.ubuntu.com/5523-2/","reference_id":"USN-5523-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5523-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-22844"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhwh-tsst-cfaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19264?format=json","vulnerability_id":"VCID-pkdx-ktz1-mbbg","summary":"Missing Release of Memory after Effective Lifetime\nA memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3576","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05679","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05721","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05715","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05754","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05781","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05758","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0575","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.057","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06393","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06185","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06335","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06354","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06381","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3576"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219340","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41175"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3576","reference_id":"CVE-2023-3576","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2023-3576"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3576","reference_id":"CVE-2023-3576","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6575","reference_id":"RHSA-2023:6575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6575"},{"reference_url":"https://usn.ubuntu.com/6512-1/","reference_id":"USN-6512-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6512-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-3576"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkdx-ktz1-mbbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16447?format=json","vulnerability_id":"VCID-pnpt-r4ke-fufh","summary":"Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0803.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0803","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07234","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07256","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07311","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07338","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07243","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07365","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07329","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/501","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/501"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170187","reference_id":"2170187","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170187"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0803","reference_id":"CVE-2023-0803","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0803"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json","reference_id":"CVE-2023-0803.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0002/","reference_id":"ntap-20230316-0002","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:54:51Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5353","reference_id":"RHSA-2023:5353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5353"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0803"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pnpt-r4ke-fufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12866?format=json","vulnerability_id":"VCID-qsrb-hf2u-tudp","summary":"NULL Pointer Dereference\nNull source pointer passed as an argument to memcpy() function within `TIFFReadDirectory()` in `tif_dirread.c` in libtiff versions from to could lead to Denial of Service via a crafted TIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0562.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0562","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09639","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09596","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0958","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09473","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09625","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09672","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09497","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09571","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09618","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09626","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17853","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17906","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17693","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/build/omnibus-mirror/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/362","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/362"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054495","reference_id":"2054495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2054495"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0562","reference_id":"CVE-2022-0562","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0562"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json","reference_id":"CVE-2022-0562.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0562.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-0562"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsrb-hf2u-tudp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79347?format=json","vulnerability_id":"VCID-rmap-8g2y-abdc","summary":"libtiff: out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3598.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3598.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3598","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11913","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11959","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11747","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1183","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11882","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11893","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11854","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11827","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12556","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12409","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12522","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12548","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12434","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1243","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555","reference_id":"1022555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142738","reference_id":"2142738","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142738"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/435","reference_id":"435","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/435"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff","reference_id":"cfbb883bf6ea7bedcb04177cc4e52d304522fdff","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3598","reference_id":"CVE-2022-3598","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3598"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json","reference_id":"CVE-2022-3598.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3598.json"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230110-0001/","reference_id":"ntap-20230110-0001","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:33:41Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230110-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://usn.ubuntu.com/5705-1/","reference_id":"USN-5705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5705-1/"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-3598"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rmap-8g2y-abdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79861?format=json","vulnerability_id":"VCID-ruhz-ty5e-nkgr","summary":"libtiff: tiffcrop.c has uint32_t underflow which leads to out of bounds read and write in extractContigSamples8bits()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2869.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2869.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2869","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06827","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06831","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06851","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06652","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06696","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06679","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06729","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06762","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06755","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06749","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06669","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06826","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2118869","reference_id":"2118869","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2118869"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2869","reference_id":"CVE-2022-2869","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://usn.ubuntu.com/5604-1/","reference_id":"USN-5604-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5604-1/"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2869"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruhz-ty5e-nkgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79309?format=json","vulnerability_id":"VCID-s95z-s4sd-cffs","summary":"libtiff: division by zero issues in tiffcrop","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2056.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2056","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25652","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25763","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25707","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25699","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25771","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25841","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25904","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25805","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25808","published_at":"2026-04-16T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27786","published_at":"2026-04-02T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27824","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/415","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/415"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/346","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494","reference_id":"1014494","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014494"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2103222","reference_id":"2103222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2103222"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2056","reference_id":"CVE-2022-2056","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2056"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json","reference_id":"CVE-2022-2056.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2056.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0302","reference_id":"RHSA-2023:0302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0302"},{"reference_url":"https://usn.ubuntu.com/5619-1/","reference_id":"USN-5619-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5619-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2056"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s95z-s4sd-cffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79171?format=json","vulnerability_id":"VCID-tddn-m5ke-euas","summary":"libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34526.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34526.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34526","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42252","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42339","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42336","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42465","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42495","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42484","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42493","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42516","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42479","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42449","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42499","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42474","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42403","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/433","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/433"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112756","reference_id":"2112756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2112756"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34526","reference_id":"CVE-2022-34526","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-34526"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-34526"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tddn-m5ke-euas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79107?format=json","vulnerability_id":"VCID-tfyj-y9q3-t3ar","summary":"libtiff: tiffcrop: heap-buffer-overflow in extractImageSection in tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2953.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2953.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2953","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0451","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04305","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04434","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0445","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0447","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04318","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04366","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04346","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04325","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04297","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0764","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07683","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/48d6ece8389b01129e7d357f0985c8f938ce3da3"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/414","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/414"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670","reference_id":"1024670","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2134432","reference_id":"2134432","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2134432"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2953","reference_id":"CVE-2022-2953","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2953"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json","reference_id":"CVE-2022-2953.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2953.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0302","reference_id":"RHSA-2023:0302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0302"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2953"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfyj-y9q3-t3ar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16442?format=json","vulnerability_id":"VCID-tg7w-mbkg-7uhj","summary":"Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0798","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02005","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02067","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0203","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01995","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01973","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02039","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/492","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/492"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170157","reference_id":"2170157","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170157"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0798","reference_id":"CVE-2023-0798","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0798"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json","reference_id":"CVE-2023-0798.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0003/","reference_id":"ntap-20230316-0003","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:02:53Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0798"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7w-mbkg-7uhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79632?format=json","vulnerability_id":"VCID-tgf9-ax81-fub4","summary":"libtiff: heap Buffer overflows in tiffcrop.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3570.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3570","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00647","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00643","published_at":"2026-04-24T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00646","published_at":"2026-04-26T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0062","published_at":"2026-04-02T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00612","published_at":"2026-04-04T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00614","published_at":"2026-04-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00613","published_at":"2026-04-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00607","published_at":"2026-04-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00605","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00602","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00603","published_at":"2026-04-18T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00597","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00645","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/commit/bd94a9b383d8755a27b5a1bc27660b8ad10b094c"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/381","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/381"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/386","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/386"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555","reference_id":"1022555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142734","reference_id":"2142734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142734"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3570","reference_id":"CVE-2022-3570","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3570"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json","reference_id":"CVE-2022-3570.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3570.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://usn.ubuntu.com/5705-1/","reference_id":"USN-5705-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5705-1/"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-3570"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgf9-ax81-fub4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40060?format=json","vulnerability_id":"VCID-ucr1-vp5p-jqck","summary":"Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1355","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15516","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15406","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17111","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16989","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17079","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17135","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17064","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17002","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16937","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16938","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22054","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22674","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22517","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22509","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/400","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/400"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/323","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/323"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011160","reference_id":"1011160","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074415","reference_id":"2074415","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074415"},{"reference_url":"https://security.archlinux.org/AVG-2721","reference_id":"AVG-2721","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2721"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2022-1355","reference_id":"CVE-2022-1355","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2022-1355"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1355","reference_id":"CVE-2022-1355","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1355"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5619-1/","reference_id":"USN-5619-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5619-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-1355"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucr1-vp5p-jqck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16657?format=json","vulnerability_id":"VCID-vu6r-464p-4ue3","summary":"Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4645.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4645.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4645","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01862","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01946","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01874","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01877","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01891","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01876","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01861","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01856","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01839","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01837","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01921","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01916","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01912","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/277","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/277"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176220","reference_id":"2176220","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2176220"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/","reference_id":"2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ZTFA6GGOKFPIQNHDBMXYUR4XUXUJESE/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/","reference_id":"BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA6GRCAQ7NR2OK5N44UQRGUJBIYKWJJH/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4645","reference_id":"CVE-2022-4645","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4645"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json","reference_id":"CVE-2022-4645.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4645.json"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230331-0001/","reference_id":"ntap-20230331-0001","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230331-0001/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/","reference_id":"OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:04:27Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLM763GGZVVOAXIQXG6YGTYJ5VFYNECQ/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3059","reference_id":"RHSA-2024:3059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3059"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-4645"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vu6r-464p-4ue3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79886?format=json","vulnerability_id":"VCID-vzr7-wz88-h7gx","summary":"libtiff: Invalid crop_width and/or crop_length could cause an out-of-bounds read in reverseSamples16bits()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2868.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2868.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2868","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03495","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0334","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03458","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03444","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03449","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03416","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03419","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03441","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03402","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03374","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03351","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03328","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07279","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07322","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2118863","reference_id":"2118863","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2118863"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2868","reference_id":"CVE-2022-2868","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0095","reference_id":"RHSA-2023:0095","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0095"},{"reference_url":"https://usn.ubuntu.com/5604-1/","reference_id":"USN-5604-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5604-1/"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-2868"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzr7-wz88-h7gx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16427?format=json","vulnerability_id":"VCID-wza2-4rcj-hkcd","summary":"Out-of-bounds Read\nLibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0797","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02005","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02067","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02015","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02013","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0203","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01995","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01973","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02044","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02039","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/495","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/495"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170151","reference_id":"2170151","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0797","reference_id":"CVE-2023-0797","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0797"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json","reference_id":"CVE-2023-0797.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T19:03:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0797"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wza2-4rcj-hkcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16425?format=json","vulnerability_id":"VCID-x9xf-wuyn-6ffg","summary":"Out-of-bounds Write\nLibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0802","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07234","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07256","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07311","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07338","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07323","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07243","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07239","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07365","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07329","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/500","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/500"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632","reference_id":"1031632","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031632"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170178","reference_id":"2170178","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170178"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0802","reference_id":"CVE-2023-0802","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0802"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json","reference_id":"CVE-2023-0802.JSON","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json"},{"reference_url":"https://www.debian.org/security/2023/dsa-5361","reference_id":"dsa-5361","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/"}],"url":"https://www.debian.org/security/2023/dsa-5361"},{"reference_url":"https://security.gentoo.org/glsa/202305-31","reference_id":"GLSA-202305-31","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/"}],"url":"https://security.gentoo.org/glsa/202305-31"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html","reference_id":"msg00026.html","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230316-0002/","reference_id":"ntap-20230316-0002","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T18:59:46Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230316-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3711","reference_id":"RHSA-2023:3711","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3711"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5353","reference_id":"RHSA-2023:5353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5353"},{"reference_url":"https://usn.ubuntu.com/5923-1/","reference_id":"USN-5923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5923-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-0802"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9xf-wuyn-6ffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18053?format=json","vulnerability_id":"VCID-xmwn-vxux-h7g3","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25435.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25435.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25435","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09504","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09455","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09491","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09417","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14245","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14299","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14206","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1415","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1404","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16323","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16211","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16169","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16214","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25435"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/518","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-06T19:11:03Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/518"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216614","reference_id":"2216614","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2216614"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25435","reference_id":"CVE-2023-25435","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25435"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2023-25435"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmwn-vxux-h7g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13224?format=json","vulnerability_id":"VCID-zedn-437q-47b2","summary":"Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0865","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10258","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10292","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10413","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10359","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1035","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1033","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10466","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10496","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10463","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10441","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.1031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10282","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0891"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0907"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0924"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22844"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/385","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/issues/385"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/306","reference_id":"","reference_type":"","scores":[],"url":"https://gitlab.com/libtiff/libtiff/-/merge_requests/306"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064406","reference_id":"2064406","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064406"},{"reference_url":"https://security.archlinux.org/ASA-202204-6","reference_id":"ASA-202204-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-6"},{"reference_url":"https://security.archlinux.org/AVG-2658","reference_id":"AVG-2658","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2658"},{"reference_url":"https://security.archlinux.org/AVG-2659","reference_id":"AVG-2659","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2659"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0865","reference_id":"CVE-2022-0865","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0865"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json","reference_id":"CVE-2022-0865.JSON","reference_type":"","scores":[],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0865.json"},{"reference_url":"https://security.gentoo.org/glsa/202210-10","reference_id":"GLSA-202210-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7585","reference_id":"RHSA-2022:7585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8194","reference_id":"RHSA-2022:8194","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8194"},{"reference_url":"https://usn.ubuntu.com/5421-1/","reference_id":"USN-5421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037853?format=json","purl":"pkg:deb/debian/tiff@4.1.0%2Bgit191117-2~deb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-15g8-3ryu-h3ga"},{"vulnerability":"VCID-1mh3-q3y5-qyg1"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-25fx-7kmb-fqhm"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-2u8w-cy3j-9fen"},{"vulnerability":"VCID-3wfj-nc9t-xfgp"},{"vulnerability":"VCID-44ee-ueju-ykae"},{"vulnerability":"VCID-44zu-mtmq-57cm"},{"vulnerability":"VCID-48tr-y71p-7fbb"},{"vulnerability":"VCID-4egk-vvjq-dyhw"},{"vulnerability":"VCID-4mq7-s2p6-yufr"},{"vulnerability":"VCID-4pys-mah6-hfh6"},{"vulnerability":"VCID-4srx-3gbk-eqd3"},{"vulnerability":"VCID-5mak-1mkk-wkdg"},{"vulnerability":"VCID-6cry-skqu-zke9"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-6kck-g3z6-cuge"},{"vulnerability":"VCID-6sb9-u71x-j7f5"},{"vulnerability":"VCID-6sx9-1yfw-63cg"},{"vulnerability":"VCID-6wzx-7a3m-ufhm"},{"vulnerability":"VCID-72yx-48n1-jbfs"},{"vulnerability":"VCID-76g4-kacn-7yg7"},{"vulnerability":"VCID-8691-q4h3-eyaf"},{"vulnerability":"VCID-9gqh-2uat-93c7"},{"vulnerability":"VCID-ap6w-9c6j-akdp"},{"vulnerability":"VCID-as9s-4ugc-ukgy"},{"vulnerability":"VCID-b33v-b6h4-cqfe"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-bnbg-7q6h-8uhs"},{"vulnerability":"VCID-cbhv-yme7-buby"},{"vulnerability":"VCID-cm5h-b1g9-tkg9"},{"vulnerability":"VCID-cw7d-us77-2fhv"},{"vulnerability":"VCID-cwen-8yyj-x3aw"},{"vulnerability":"VCID-e6c2-ajs1-abdz"},{"vulnerability":"VCID-gmhp-4yx2-gfbv"},{"vulnerability":"VCID-h6gn-kv5x-bbd5"},{"vulnerability":"VCID-jdv4-3mf6-93hm"},{"vulnerability":"VCID-ju1t-bhyh-v7du"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-kpq7-5vsv-pucy"},{"vulnerability":"VCID-mhwh-tsst-cfaj"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-pkdx-ktz1-mbbg"},{"vulnerability":"VCID-pnpt-r4ke-fufh"},{"vulnerability":"VCID-qsrb-hf2u-tudp"},{"vulnerability":"VCID-rmap-8g2y-abdc"},{"vulnerability":"VCID-ruhz-ty5e-nkgr"},{"vulnerability":"VCID-s95z-s4sd-cffs"},{"vulnerability":"VCID-tddn-m5ke-euas"},{"vulnerability":"VCID-tfyj-y9q3-t3ar"},{"vulnerability":"VCID-tg7w-mbkg-7uhj"},{"vulnerability":"VCID-tgf9-ax81-fub4"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ucr1-vp5p-jqck"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vu6r-464p-4ue3"},{"vulnerability":"VCID-vzr7-wz88-h7gx"},{"vulnerability":"VCID-wza2-4rcj-hkcd"},{"vulnerability":"VCID-x9xf-wuyn-6ffg"},{"vulnerability":"VCID-xmwn-vxux-h7g3"},{"vulnerability":"VCID-z1vf-mhw2-ducs"},{"vulnerability":"VCID-zedn-437q-47b2"},{"vulnerability":"VCID-zwbu-yezc-4yck"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.1.0%252Bgit191117-2~deb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-0865"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zedn-437q-47b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79574?format=json","vulnerability_id":"VCID-zwbu-yezc-4yck","summary":"libtiff: out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3597.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3597.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3597","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07556","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07633","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07614","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08043","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08007","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.07992","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0815","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08107","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08071","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08413","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0836","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2057"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4645"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555","reference_id":"1022555","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022555"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142736","reference_id":"2142736","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2142736"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047","reference_id":"236b7191f04c60d09ee836ae13b50f812c841047","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047"},{"reference_url":"https://gitlab.com/libtiff/libtiff/-/issues/413","reference_id":"413","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/"}],"url":"https://gitlab.com/libtiff/libtiff/-/issues/413"},{"reference_url":"https://security.archlinux.org/AVG-2842","reference_id":"AVG-2842","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2842"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3597","reference_id":"CVE-2022-3597","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3597"},{"reference_url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json","reference_id":"CVE-2022-3597.json","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/"}],"url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3597.json"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230110-0001/","reference_id":"ntap-20230110-0001","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T20:48:53Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230110-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2340","reference_id":"RHSA-2023:2340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2340"},{"reference_url":"https://usn.ubuntu.com/5714-1/","reference_id":"USN-5714-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5714-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994556?format=json","purl":"pkg:deb/debian/tiff@4.2.0-1%2Bdeb11u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hfc-b4qr-jqgk"},{"vulnerability":"VCID-1nme-2pjx-q7hp"},{"vulnerability":"VCID-2ds7-xq64-9ue2"},{"vulnerability":"VCID-38sj-85gt-sfhe"},{"vulnerability":"VCID-4mhv-7vrm-v7hv"},{"vulnerability":"VCID-6dt6-ppka-b3ct"},{"vulnerability":"VCID-7zdy-fxq2-p7gf"},{"vulnerability":"VCID-9grz-pkwb-3kc5"},{"vulnerability":"VCID-a8jf-xmj8-cuh6"},{"vulnerability":"VCID-b4hb-cxzy-suck"},{"vulnerability":"VCID-d8kh-h6vs-gqd4"},{"vulnerability":"VCID-dg96-zmw1-8kcp"},{"vulnerability":"VCID-h9ap-xxmw-j7dr"},{"vulnerability":"VCID-k8kt-55y9-qyac"},{"vulnerability":"VCID-n3ta-dm1y-gya5"},{"vulnerability":"VCID-ndc5-qn5u-3qbq"},{"vulnerability":"VCID-ndwc-beev-43ck"},{"vulnerability":"VCID-r186-xqyn-ffey"},{"vulnerability":"VCID-rp7t-x7gz-9udg"},{"vulnerability":"VCID-sqxq-hg7v-d7gv"},{"vulnerability":"VCID-ttb7-w41r-4kfn"},{"vulnerability":"VCID-ua38-ur2u-eues"},{"vulnerability":"VCID-ukgj-45m7-6uba"},{"vulnerability":"VCID-v4rx-c1w4-pbb3"},{"vulnerability":"VCID-vju4-pghv-47bx"},{"vulnerability":"VCID-vrtj-45t6-cqec"},{"vulnerability":"VCID-yfxw-tmnn-byc6"},{"vulnerability":"VCID-z1vf-mhw2-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}],"aliases":["CVE-2022-3597"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zwbu-yezc-4yck"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tiff@4.2.0-1%252Bdeb11u5"}