Vulnerability Instance
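Look up vulnerabilities affecting packages. In the response below, `"is_vulnerable": true` on an entry under `fixed_packages` reflects the other vulnerabilities listed in that entry's `affected_by_vulnerabilities`, not the vulnerability this record describes.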
GET /api/vulnerabilities/96301?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96301?format=api", "vulnerability_id": "VCID-daqr-hs7y-3uhp", "summary": "Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`.", "aliases": [ { "alias": "CVE-2022-43599" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/120628?format=api", "purl": "pkg:deb/debian/openimageio@2.2.10.1%2Bdfsg-1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a94-qz4f-v3c7" }, { "vulnerability": "VCID-4nzm-37tc-pudt" }, { "vulnerability": "VCID-8qzu-xeyg-9qen" }, { "vulnerability": "VCID-9k32-3k9z-jqc9" }, { "vulnerability": "VCID-drz8-qgw6-p3ff" }, { "vulnerability": "VCID-hkhb-82ez-efba" }, { "vulnerability": "VCID-qgm5-cww4-yqev" }, { "vulnerability": "VCID-uuft-ecpa-bqgb" }, { "vulnerability": "VCID-va2h-rzdr-cqfq" }, { "vulnerability": "VCID-xb96-t6j2-zbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@2.2.10.1%252Bdfsg-1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/195597?format=api", "purl": "pkg:deb/debian/openimageio@2.2.10.1%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a94-qz4f-v3c7" }, { "vulnerability": "VCID-4nzm-37tc-pudt" }, { "vulnerability": "VCID-8qzu-xeyg-9qen" }, { "vulnerability": "VCID-9k32-3k9z-jqc9" }, { "vulnerability": "VCID-drz8-qgw6-p3ff" }, { "vulnerability": "VCID-hkhb-82ez-efba" }, { "vulnerability": "VCID-qgm5-cww4-yqev" }, { "vulnerability": "VCID-uuft-ecpa-bqgb" }, { "vulnerability": "VCID-va2h-rzdr-cqfq" }, { "vulnerability": 
"VCID-xb96-t6j2-zbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@2.2.10.1%252Bdfsg-1%252Bdeb11u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/120626?format=api", "purl": "pkg:deb/debian/openimageio@2.4.7.1%2Bdfsg-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2a94-qz4f-v3c7" }, { "vulnerability": "VCID-4nzm-37tc-pudt" }, { "vulnerability": "VCID-8qzu-xeyg-9qen" }, { "vulnerability": "VCID-9k32-3k9z-jqc9" }, { "vulnerability": "VCID-drz8-qgw6-p3ff" }, { "vulnerability": "VCID-hkhb-82ez-efba" }, { "vulnerability": "VCID-qgm5-cww4-yqev" }, { "vulnerability": "VCID-uuft-ecpa-bqgb" }, { "vulnerability": "VCID-va2h-rzdr-cqfq" }, { "vulnerability": "VCID-xb96-t6j2-zbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@2.4.7.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/120631?format=api", "purl": "pkg:deb/debian/openimageio@2.5.18.0%2Bdfsg-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9k32-3k9z-jqc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@2.5.18.0%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/120629?format=api", "purl": "pkg:deb/debian/openimageio@2.5.19.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@2.5.19.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/192237?format=api", "purl": "pkg:ebuild/media-libs/openimageio@2.4.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/openimageio@2.4.6.0" } ], "affected_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/682072?format=api", "purl": "pkg:deb/debian/openimageio@1.0.5%2Bdfsg0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2arn-a8r6-7ugz" }, { "vulnerability": "VCID-3f6f-b6x7-vkfs" }, { "vulnerability": "VCID-58pq-dtmz-vba6" }, { "vulnerability": "VCID-719v-jn7s-tqec" }, { "vulnerability": "VCID-8eqp-b2dt-sbea" }, { "vulnerability": "VCID-9bzc-wucd-aqay" }, { "vulnerability": "VCID-9d16-9jfg-x7ga" }, { "vulnerability": "VCID-9zff-m1r9-6fax" }, { "vulnerability": "VCID-bjxh-mdk6-uuga" }, { "vulnerability": "VCID-cy1a-rqmb-rkb6" }, { "vulnerability": "VCID-daqr-hs7y-3uhp" }, { "vulnerability": "VCID-dzq6-x9hb-u3dd" }, { "vulnerability": "VCID-ggaq-va4m-1qa1" }, { "vulnerability": "VCID-gxtd-shay-sqcz" }, { "vulnerability": "VCID-hhz5-ct76-qbgh" }, { "vulnerability": "VCID-qqcr-w7hv-sbcz" }, { "vulnerability": "VCID-rdpu-4d9f-1fhu" }, { "vulnerability": "VCID-rqnh-jsyu-4be1" }, { "vulnerability": "VCID-v6vq-hhpn-8qd2" }, { "vulnerability": "VCID-x7y3-nwq2-qfgr" }, { "vulnerability": "VCID-xc26-k43q-2qcm" }, { "vulnerability": "VCID-xsff-8zbd-byav" }, { "vulnerability": "VCID-z697-y22c-mfd8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@1.0.5%252Bdfsg0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/682073?format=api", "purl": "pkg:deb/debian/openimageio@1.4.14~dfsg0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2arn-a8r6-7ugz" }, { "vulnerability": "VCID-3f6f-b6x7-vkfs" }, { "vulnerability": "VCID-58pq-dtmz-vba6" }, { "vulnerability": "VCID-719v-jn7s-tqec" }, { "vulnerability": "VCID-8eqp-b2dt-sbea" }, { "vulnerability": "VCID-9bzc-wucd-aqay" }, { "vulnerability": "VCID-9d16-9jfg-x7ga" }, { "vulnerability": "VCID-9zff-m1r9-6fax" }, { "vulnerability": "VCID-bjxh-mdk6-uuga" }, { "vulnerability": "VCID-cy1a-rqmb-rkb6" }, { "vulnerability": "VCID-daqr-hs7y-3uhp" }, { "vulnerability": 
"VCID-dzq6-x9hb-u3dd" }, { "vulnerability": "VCID-ggaq-va4m-1qa1" }, { "vulnerability": "VCID-gxtd-shay-sqcz" }, { "vulnerability": "VCID-hhz5-ct76-qbgh" }, { "vulnerability": "VCID-qqcr-w7hv-sbcz" }, { "vulnerability": "VCID-rdpu-4d9f-1fhu" }, { "vulnerability": "VCID-rqnh-jsyu-4be1" }, { "vulnerability": "VCID-v6vq-hhpn-8qd2" }, { "vulnerability": "VCID-x7y3-nwq2-qfgr" }, { "vulnerability": "VCID-xc26-k43q-2qcm" }, { "vulnerability": "VCID-xsff-8zbd-byav" }, { "vulnerability": "VCID-z697-y22c-mfd8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@1.4.14~dfsg0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/682074?format=api", "purl": "pkg:deb/debian/openimageio@1.6.17~dfsg0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2arn-a8r6-7ugz" }, { "vulnerability": "VCID-3f6f-b6x7-vkfs" }, { "vulnerability": "VCID-58pq-dtmz-vba6" }, { "vulnerability": "VCID-719v-jn7s-tqec" }, { "vulnerability": "VCID-8eqp-b2dt-sbea" }, { "vulnerability": "VCID-9bzc-wucd-aqay" }, { "vulnerability": "VCID-9d16-9jfg-x7ga" }, { "vulnerability": "VCID-9zff-m1r9-6fax" }, { "vulnerability": "VCID-bjxh-mdk6-uuga" }, { "vulnerability": "VCID-cy1a-rqmb-rkb6" }, { "vulnerability": "VCID-daqr-hs7y-3uhp" }, { "vulnerability": "VCID-dzq6-x9hb-u3dd" }, { "vulnerability": "VCID-ggaq-va4m-1qa1" }, { "vulnerability": "VCID-gxtd-shay-sqcz" }, { "vulnerability": "VCID-hhz5-ct76-qbgh" }, { "vulnerability": "VCID-qqcr-w7hv-sbcz" }, { "vulnerability": "VCID-rdpu-4d9f-1fhu" }, { "vulnerability": "VCID-rqnh-jsyu-4be1" }, { "vulnerability": "VCID-v6vq-hhpn-8qd2" }, { "vulnerability": "VCID-x7y3-nwq2-qfgr" }, { "vulnerability": "VCID-xc26-k43q-2qcm" }, { "vulnerability": "VCID-xsff-8zbd-byav" }, { "vulnerability": "VCID-z697-y22c-mfd8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@1.6.17~dfsg0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/682075?format=api", 
"purl": "pkg:deb/debian/openimageio@2.0.5~dfsg0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2arn-a8r6-7ugz" }, { "vulnerability": "VCID-3f6f-b6x7-vkfs" }, { "vulnerability": "VCID-58pq-dtmz-vba6" }, { "vulnerability": "VCID-719v-jn7s-tqec" }, { "vulnerability": "VCID-8eqp-b2dt-sbea" }, { "vulnerability": "VCID-9bzc-wucd-aqay" }, { "vulnerability": "VCID-9d16-9jfg-x7ga" }, { "vulnerability": "VCID-9zff-m1r9-6fax" }, { "vulnerability": "VCID-bjxh-mdk6-uuga" }, { "vulnerability": "VCID-cy1a-rqmb-rkb6" }, { "vulnerability": "VCID-daqr-hs7y-3uhp" }, { "vulnerability": "VCID-dzq6-x9hb-u3dd" }, { "vulnerability": "VCID-ggaq-va4m-1qa1" }, { "vulnerability": "VCID-gxtd-shay-sqcz" }, { "vulnerability": "VCID-hhz5-ct76-qbgh" }, { "vulnerability": "VCID-qqcr-w7hv-sbcz" }, { "vulnerability": "VCID-rdpu-4d9f-1fhu" }, { "vulnerability": "VCID-rqnh-jsyu-4be1" }, { "vulnerability": "VCID-v6vq-hhpn-8qd2" }, { "vulnerability": "VCID-x7y3-nwq2-qfgr" }, { "vulnerability": "VCID-xc26-k43q-2qcm" }, { "vulnerability": "VCID-xsff-8zbd-byav" }, { "vulnerability": "VCID-z697-y22c-mfd8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/openimageio@2.0.5~dfsg0-1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43599", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82742", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82767", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82765", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82764", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0172", "scoring_system": "epss", "scoring_elements": "0.82757", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0172", 
"scoring_system": "epss", "scoring_elements": "0.82769", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41639", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41639" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41649", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41981", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41981" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41999", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41999" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43592", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43592" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43594", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43594" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43595", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43595" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43596", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43596" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43598", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43599", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43599" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43600", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43603" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027143", "reference_id": "1027143", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027143" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5384", "reference_id": "dsa-5384", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T18:54:18Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5384" }, { "reference_url": "https://security.gentoo.org/glsa/202305-33", "reference_id": "GLSA-202305-33", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T18:54:18Z/" } ], "url": "https://security.gentoo.org/glsa/202305-33" }, { "reference_url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656", "reference_id": "TALOS-2022-1656", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-14T18:54:18Z/" } ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656" } ], "weaknesses": [ { "cwe_id": 122, "name": "Heap-based Buffer Overflow", "description": "A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()." } ], "exploits": [], "severity_range_score": "8.1 - 8.1", "exploitability": "0.5", "weighted_severity": "5.7", "risk_score": 2.9, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-daqr-hs7y-3uhp" }