{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100709?format=json","vulnerability_id":"VCID-xsha-wn9z-4fg2","summary":"xorg-x11-server: DoS in xquartz when editing the Application menu due to mutaing immutable arrays","aliases":[{"alias":"CVE-2022-3553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136484?format=json","purl":"pkg:deb/debian/xorg-server@2:21.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/509650?format=json","purl":"pkg:deb/debian/xorg-server@2:21.1.7-3%2Bdeb12u12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uvb-wkwb-jbbf"},{"vulnerability":"VCID-5zrz-y3fm-4uet"},{"vulnerability":"VCID-62xy-rm39-mqge"},{"vulnerability":"VCID-abhy-pfqz-efa2"},{"vulnerability":"VCID-csqc-7j51-x7bb"},{"vulnerability":"VCID-epmv-hj44-2bhq"},{"vulnerability":"VCID-nynt-8cpp-27fe"},{"vulnerability":"VCID-wsp6-uyxx-53hf"},{"vulnerability":"VCID-zdwz-bgk3-fqdj"},{"vulnerability":"VCID-zsm3-vywn-pkej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.7-3%252Bdeb12u12"},{"url":"http://public2.vulnerablecode.io/api/packages/136407?format=json","purl":"pkg:deb/debian/xorg-server@2:21.1.7-3%2Bdeb12u12?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uvb-wkwb-jbbf"},{"vulnerability":"VCID-5zrz-y3fm-4uet"},{"vulnerability":"VCID-62xy-rm39-mqge"},{"vulnerability":"VCID-abhy-pfqz-efa2"},{"vulnerability":"VCID-csqc-7j51-x7bb"},{"vulnerability":"VCID-epmv-hj44-2bhq"},{"vulnerability":"VCID-nynt-8cpp-27fe"},{"vulnerability":"VCID-wsp6-uyxx-53hf"},{"vulnerability":"VCID-zdwz-bgk3-fqdj"},{"vulnerability":"VCID-zsm3-vywn-pkej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.7-3%252Bdeb12u12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136413?format=json","purl":"pkg:deb/debian/xorg-server@2:21.1.16-1.3%2Bdeb13u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uvb-wkwb-jbbf"},{"vulnerability":"VCID-5zrz-y3fm-4uet"},{"vulnerability":"VCID-62xy-rm39-mqge"},{"vulnerability":"VCID-csqc-7j51-x7bb"},{"vulnerability":"VCID-epmv-hj44-2bhq"},{"vulnerability":"VCID-nynt-8cpp-27fe"},{"vulnerability":"VCID-wsp6-uyxx-53hf"},{"vulnerability":"VCID-zdwz-bgk3-fqdj"},{"vulnerability":"VCID-zsm3-vywn-pkej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.16-1.3%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136410?format=json","purl":"pkg:deb/debian/xorg-server@2:21.1.22-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uvb-wkwb-jbbf"},{"vulnerability":"VCID-5zrz-y3fm-4uet"},{"vulnerability":"VCID-62xy-rm39-mqge"},{"vulnerability":"VCID-csqc-7j51-x7bb"},{"vulnerability":"VCID-epmv-hj44-2bhq"},{"vulnerability":"VCID-nynt-8cpp-27fe"},{"vulnerability":"VCID-wsp6-uyxx-53hf"},{"vulnerability":"VCID-zdwz-bgk3-fqdj"},{"vulnerability":"VCID-zsm3-vywn-pkej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.22-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136412?format=json","purl":"pkg:deb/debian/xorg-server@2:21.1.23-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:21.1.23-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/192455?format=json","purl":"pkg:ebuild/x11-base/xorg-server@21.1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/x11-base/xorg-server@21.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/192456?format=json","purl":"pkg:ebuild/x11-base/xwayland@21.1.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/x11-base/xwayland@21.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/192457?format=json","purl":"pkg:ebuild/x11-base/xwayland@23.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/x11-base/xwayland@23.1.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/509649?format=json","purl":"pkg:deb/debian/xorg-server@2:1.20.11-1%2Bdeb11u13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uvb-wkwb-jbbf"},{"vulnerability":"VCID-5zrz-y3fm-4uet"},{"vulnerability":"VCID-62xy-rm39-mqge"},{"vulnerability":"VCID-6t55-ed2e-2bcw"},{"vulnerability":"VCID-8h6n-ntrj-q7g6"},{"vulnerability":"VCID-8mr3-m631-ykff"},{"vulnerability":"VCID-95dx-8w8k-4kfp"},{"vulnerability":"VCID-96ga-avmd-kubh"},{"vulnerability":"VCID-9pnm-jep8-3bf9"},{"vulnerability":"VCID-abhy-pfqz-efa2"},{"vulnerability":"VCID-csqc-7j51-x7bb"},{"vulnerability":"VCID-epmv-hj44-2bhq"},{"vulnerability":"VCID-gq7x-petb-hfau"},{"vulnerability":"VCID-mksc-f652-2qcd"},{"vulnerability":"VCID-mux3-jggq-bqej"},{"vulnerability":"VCID-nce7-2t7k-vfdt"},{"vulnerability":"VCID-nynt-8cpp-27fe"},{"vulnerability":"VCID-r8bp-sg6q-sqgj"},{"vulnerability":"VCID-rq9m-9qtm-m3bv"},{"vulnerability":"VCID-sbxv-5gr6-8be3"},{"vulnerability":"VCID-ucf1-81as-eucj"},{"vulnerability":"VCID-vs7d-ydc7-w7ec"},{"vulnerability":"VCID-waxn-nrqv-k7ca"},{"vulnerability":"VCID-wsp6-uyxx-53hf"},{"vulnerability":"VCID-xq35-8sqg-9fcf"},{"vulnerability":"VCID-xsha-wn9z-4fg2"},{"vulnerability":"VCID-y5rf-aq67-nbcd"},{"vulnerability":"VCID-ydth-wf4d-zugb"},{"vulnerability":"VCID-yqg5-wy1b-hfgx"},{"vulnerability":"VCID-z6tv-7fmc-13bw"},{"vulnerability":"VCID-zb61-sksa-e3c5"},{"vulnerability":"VCID-zdwz-bgk3-fqdj"},{"vulnerability":"VCID-zsm3-vywn-pkej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:1.20.11-1%252Bdeb11u13"},{"url":"http://public2.vulnerablecode.io/api/packages/136409?format=json","purl":"pkg:deb/debian/xorg-server@2:1.20.11-1%2Bdeb11u13?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2uvb-wkwb-jbbf"},{"vulnerability":"VCID-5zrz-y3fm-4uet"},{"vulnerability":"VCID-62xy-rm39-mqge"},{"vulnerability":"VCID-8mr3-m631-ykff"},{"vulnerability":"VCID-abhy-pfqz-efa2"},{"vulnerability":"VCID-csqc-7j51-x7bb"},{"vulnerability":"VCID-epmv-hj44-2bhq"},{"vulnerability":"VCID-mksc-f652-2qcd"},{"vulnerability":"VCID-mux3-jggq-bqej"},{"vulnerability":"VCID-nynt-8cpp-27fe"},{"vulnerability":"VCID-ucf1-81as-eucj"},{"vulnerability":"VCID-wsp6-uyxx-53hf"},{"vulnerability":"VCID-xsha-wn9z-4fg2"},{"vulnerability":"VCID-ydth-wf4d-zugb"},{"vulnerability":"VCID-zdwz-bgk3-fqdj"},{"vulnerability":"VCID-zsm3-vywn-pkej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xorg-server@2:1.20.11-1%252Bdeb11u13%3Fdistro=trixie"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3553.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3553.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3553","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30261","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3027","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30335","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30299","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140706","reference_id":"2140706","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2140706"},{"reference_url":"https://security.gentoo.org/glsa/202305-30","reference_id":"GLSA-202305-30","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:45Z/"}],"url":"https://security.gentoo.org/glsa/202305-30"},{"reference_url":"https://vuldb.com/?id.211053","reference_id":"?id.211053","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:45Z/"}],"url":"https://vuldb.com/?id.211053"},{"reference_url":"https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3","reference_id":"?id=dfd057996b26420309c324ec844a5ba6dd07eda3","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:45Z/"}],"url":"https://cgit.freedesktop.org/xorg/xserver/commit/?id=dfd057996b26420309c324ec844a5ba6dd07eda3"}],"weaknesses":[{"cwe_id":404,"name":"Improper Resource Shutdown or Release","description":"The product does not release or incorrectly releases a resource before it is made available for re-use."}],"exploits":[],"severity_range_score":"3.5 - 6.5","exploitability":"0.5","weighted_severity":"5.9","risk_score":3.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsha-wn9z-4fg2"}