{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73660?format=json","vulnerability_id":"VCID-h24j-cge2-rfg6","summary":"Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.","aliases":[{"alias":"CVE-2016-3993"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/210299?format=json","purl":"pkg:deb/debian/imlib2@1.4.5-1%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.5-1%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273399?format=json","purl":"pkg:deb/debian/imlib2@1.4.6-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.6-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/517914?format=json","purl":"pkg:deb/debian/imlib2@1.4.8-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.8-1"},{"url":"http://public2.vulnerablecode.io/api/packages/99382?format=json","purl":"pkg:deb/debian/imlib2@1.4.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99372?format=json","purl":"pkg:deb/debian/imlib2@1.7.1-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.7.1-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99370?format=json","purl":"pkg:deb/debian/imlib2@1.10.0-4%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.10.0-4%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99374?format=json","purl":"pkg:deb/debian/imlib2@1.12.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.12.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99373?format=json","purl":"pkg:deb/debian/imlib2@1.12.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.12.6-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/210292?format=json","purl":"pkg:deb/debian/imlib2@1.0.5-2woody2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-81rk-nnjv-6kg2"},{"vulnerability":"VCID-aqnw-8u32-qqd7"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-pa9h-c87z-n3a5"},{"vulnerability":"VCID-rj4r-61e1-pfbb"},{"vulnerability":"VCID-s8bp-fd7g-hqdd"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-sfq1-gbp5-gqdd"},{"vulnerability":"VCID-w3xq-n377-4ycr"},{"vulnerability":"VCID-wkna-u9qg-8bf1"},{"vulnerability":"VCID-wuz7-f1st-43cj"},{"vulnerability":"VCID-xud9-ry5w-fkc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.0.5-2woody2"},{"url":"http://public2.vulnerablecode.io/api/packages/210293?format=json","purl":"pkg:deb/debian/imlib2@1.2.0-2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-81rk-nnjv-6kg2"},{"vulnerability":"VCID-aqnw-8u32-qqd7"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-pa9h-c87z-n3a5"},{"vulnerability":"VCID-rj4r-61e1-pfbb"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-w3xq-n377-4ycr"},{"vulnerability":"VCID-wkna-u9qg-8bf1"},{"vulnerability":"VCID-wuz7-f1st-43cj"},{"vulnerability":"VCID-xud9-ry5w-fkc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.2.0-2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/210294?format=json","purl":"pkg:deb/debian/imlib2@1.3.0.0debian1-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-81rk-nnjv-6kg2"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-pa9h-c87z-n3a5"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"},{"vulnerability":"VCID-xud9-ry5w-fkc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.3.0.0debian1-4"},{"url":"http://public2.vulnerablecode.io/api/packages/210295?format=json","purl":"pkg:deb/debian/imlib2@1.3.0.0debian1-4%2Betch2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-81rk-nnjv-6kg2"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-pa9h-c87z-n3a5"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"},{"vulnerability":"VCID-xud9-ry5w-fkc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.3.0.0debian1-4%252Betch2"},{"url":"http://public2.vulnerablecode.io/api/packages/210296?format=json","purl":"pkg:deb/debian/imlib2@1.4.0-1.2%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-pa9h-c87z-n3a5"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.0-1.2%252Blenny1"},{"url":"http://public2.vulnerablecode.io/api/packages/210297?format=json","purl":"pkg:deb/debian/imlib2@1.4.2-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.2-8"},{"url":"http://public2.vulnerablecode.io/api/packages/210298?format=json","purl":"pkg:deb/debian/imlib2@1.4.2-8%2Bdeb6u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.2-8%252Bdeb6u1"},{"url":"http://public2.vulnerablecode.io/api/packages/210299?format=json","purl":"pkg:deb/debian/imlib2@1.4.5-1%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.5-1%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/273397?format=json","purl":"pkg:deb/debian/imlib2@1.4.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.6-2"},{"url":"http://public2.vulnerablecode.io/api/packages/273399?format=json","purl":"pkg:deb/debian/imlib2@1.4.6-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-233w-re49-3yhh"},{"vulnerability":"VCID-2cnm-tvst-tugb"},{"vulnerability":"VCID-6jgp-x4va-xfgn"},{"vulnerability":"VCID-cb9q-e3bp-eyf9"},{"vulnerability":"VCID-gxgq-4qvu-tucj"},{"vulnerability":"VCID-h24j-cge2-rfg6"},{"vulnerability":"VCID-k3zs-muxt-wqc6"},{"vulnerability":"VCID-mnkw-tr8k-m3aa"},{"vulnerability":"VCID-ns9w-31sq-87gx"},{"vulnerability":"VCID-nw4u-xhwc-p7eu"},{"vulnerability":"VCID-sc8j-7qfs-4qek"},{"vulnerability":"VCID-wkna-u9qg-8bf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/imlib2@1.4.6-2%252Bdeb8u2"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3993","reference_id":"","reference_type":"","scores":[{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78392","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78374","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78362","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78388","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78397","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78387","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5326","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5326"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3994","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3994"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4024"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818","reference_id":"819818","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818"},{"reference_url":"https://usn.ubuntu.com/3075-1/","reference_id":"USN-3075-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3075-1/"}],"weaknesses":[],"exploits":[],"severity_range_score":"5.0 - 7.5","exploitability":"0.5","weighted_severity":"3.8","risk_score":1.9,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h24j-cge2-rfg6"}