snyk-sarif.json

{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "Snyk Container",
          "semanticVersion": "1.1294.0",
          "version": "1.1294.0",
          "informationUri": "https://docs.snyk.io/",
          "properties": {
            "artifactsScanned": 413
          },
          "rules": [
            {
              "id": "SNYK-DEBIAN12-AOM-5878995",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in aom"
              },
              "fullDescription": {
                "text": "(CVE-2023-39616) aom/libaom3@3.6.0-1+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `aom` package and not the `aom` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.\n## Remediation\nThere is no fixed version for `Debian:12` `aom`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-39616](https://security-tracker.debian.org/tracker/CVE-2023-39616)\n- [https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3](https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-AOM-6140324",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in aom"
              },
              "fullDescription": {
                "text": "(CVE-2023-6879) aom/libaom3@3.6.0-1+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `aom` package and not the `aom` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIncreasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().\n\n\n## Remediation\nThere is no fixed version for `Debian:12` `aom`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-6879](https://security-tracker.debian.org/tracker/CVE-2023-6879)\n- [https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1](https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1)\n- [https://crbug.com/aomedia/3491](https://crbug.com/aomedia/3491)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-APR-7833616",
              "shortDescription": {
                "text": "Low severity - Incorrect Permission Assignment for Critical Resource vulnerability in apr"
              },
              "fullDescription": {
                "text": "(CVE-2023-49582) apr/libapr1@1.7.2-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `apr` package and not the `apr` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nLax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. \n\nThis issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h)\n\nUsers are recommended to upgrade to APR version 1.7.5, which fixes this issue.\n## Remediation\nThere is no fixed version for `Debian:12` `apr`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-49582](https://security-tracker.debian.org/tracker/CVE-2023-49582)\n- [https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4](https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-732",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-APT-1541449",
              "shortDescription": {
                "text": "Low severity - Improper Verification of Cryptographic Signature vulnerability in apt"
              },
              "fullDescription": {
                "text": "(CVE-2011-3374) apt/libapt-pkg6.0@2.6.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `apt` package and not the `apt` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIt was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.\n## Remediation\nThere is no fixed version for `Debian:12` `apt`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2011-3374](https://security-tracker.debian.org/tracker/CVE-2011-3374)\n- [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480)\n- [https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html](https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html)\n- [https://seclists.org/fulldisclosure/2011/Sep/221](https://seclists.org/fulldisclosure/2011/Sep/221)\n- [https://snyk.io/vuln/SNYK-LINUX-APT-116518](https://snyk.io/vuln/SNYK-LINUX-APT-116518)\n- [https://ubuntu.com/security/CVE-2011-3374](https://ubuntu.com/security/CVE-2011-3374)\n- [https://access.redhat.com/security/cve/cve-2011-3374](https://access.redhat.com/security/cve/cve-2011-3374)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-347",
                  "deb"
                ],
                "cvssv3_baseScore": 3.7,
                "security-severity": "3.7"
              }
            },
            {
              "id": "SNYK-DEBIAN12-BINUTILS-1542119",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in binutils"
              },
              "fullDescription": {
                "text": "(CVE-2018-20673) binutils/binutils-common@2.40-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `binutils` package and not the `binutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.\n## Remediation\nThere is no fixed version for `Debian:12` `binutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-20673](https://security-tracker.debian.org/tracker/CVE-2018-20673)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=24039](https://sourceware.org/bugzilla/show_bug.cgi?id=24039)\n- [http://www.securityfocus.com/bid/106454](http://www.securityfocus.com/bid/106454)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20673](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20673)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "CWE-190",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-BINUTILS-1542166",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Read vulnerability in binutils"
              },
              "fullDescription": {
                "text": "(CVE-2018-20712) binutils/binutils-common@2.40-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `binutils` package and not the `binutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.\n## Remediation\nThere is no fixed version for `Debian:12` `binutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-20712](https://security-tracker.debian.org/tracker/CVE-2018-20712)\n- [https://support.f5.com/csp/article/K38336243](https://support.f5.com/csp/article/K38336243)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712)\n- [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=24043](https://sourceware.org/bugzilla/show_bug.cgi?id=24043)\n- [http://www.securityfocus.com/bid/106563](http://www.securityfocus.com/bid/106563)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20712](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20712)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-125",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-BINUTILS-1542259",
              "shortDescription": {
                "text": "Low severity - Uncontrolled Recursion vulnerability in binutils"
              },
              "fullDescription": {
                "text": "(CVE-2018-9996) binutils/binutils-common@2.40-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `binutils` package and not the `binutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.\n## Remediation\nThere is no fixed version for `Debian:12` `binutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-9996](https://security-tracker.debian.org/tracker/CVE-2018-9996)\n- [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304)\n- [http://www.securityfocus.com/bid/103733](http://www.securityfocus.com/bid/103733)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-9996](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-9996)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-674",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-BINUTILS-1542441",
              "shortDescription": {
                "text": "Low severity - Allocation of Resources Without Limits or Throttling vulnerability in binutils"
              },
              "fullDescription": {
                "text": "(CVE-2017-13716) binutils/binutils-common@2.40-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `binutils` package and not the `binutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).\n## Remediation\nThere is no fixed version for `Debian:12` `binutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-13716](https://security-tracker.debian.org/tracker/CVE-2017-13716)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22009](https://sourceware.org/bugzilla/show_bug.cgi?id=22009)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13716](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13716)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-770",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-BINUTILS-5422222",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in binutils"
              },
              "fullDescription": {
                "text": "(CVE-2023-1972) binutils/binutils-common@2.40-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `binutils` package and not the `binutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.\n## Remediation\nThere is no fixed version for `Debian:12` `binutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-1972](https://security-tracker.debian.org/tracker/CVE-2023-1972)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2185646](https://bugzilla.redhat.com/show_bug.cgi?id=2185646)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=30285](https://sourceware.org/bugzilla/show_bug.cgi?id=30285)\n- [https://security.gentoo.org/glsa/202309-15](https://security.gentoo.org/glsa/202309-15)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-BINUTILS-5803143",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in binutils"
              },
              "fullDescription": {
                "text": "(CVE-2021-32256) binutils/binutils-common@2.40-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `binutils` package and not the `binutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.\n## Remediation\nThere is no fixed version for `Debian:12` `binutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-32256](https://security-tracker.debian.org/tracker/CVE-2021-32256)\n- [https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070](https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070)\n- [https://security.netapp.com/advisory/ntap-20230824-0013/](https://security.netapp.com/advisory/ntap-20230824-0013/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-CAIRO-1542506",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in cairo"
              },
              "fullDescription": {
                "text": "(CVE-2018-18064) cairo/libcairo2@1.16.0-7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `cairo` package and not the `cairo` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\ncairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).\n## Remediation\nThere is no fixed version for `Debian:12` `cairo`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-18064](https://security-tracker.debian.org/tracker/CVE-2018-18064)\n- [https://gitlab.freedesktop.org/cairo/cairo/issues/341](https://gitlab.freedesktop.org/cairo/cairo/issues/341)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18064](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-18064)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-CAIRO-1542635",
              "shortDescription": {
                "text": "Low severity - Reachable Assertion vulnerability in cairo"
              },
              "fullDescription": {
                "text": "(CVE-2019-6461) cairo/libcairo2@1.16.0-7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `cairo` package and not the `cairo` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.\n## Remediation\nThere is no fixed version for `Debian:12` `cairo`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-6461](https://security-tracker.debian.org/tracker/CVE-2019-6461)\n- [https://github.com/TeamSeri0us/pocs/tree/master/gerbv](https://github.com/TeamSeri0us/pocs/tree/master/gerbv)\n- [https://gitlab.freedesktop.org/cairo/cairo/issues/352](https://gitlab.freedesktop.org/cairo/cairo/issues/352)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6461](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6461)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-617",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-CAIRO-1542674",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in cairo"
              },
              "fullDescription": {
                "text": "(CVE-2017-7475) cairo/libcairo2@1.16.0-7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `cairo` package and not the `cairo` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nCairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.\n## Remediation\nThere is no fixed version for `Debian:12` `cairo`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-7475](https://security-tracker.debian.org/tracker/CVE-2017-7475)\n- [https://bugs.freedesktop.org/show_bug.cgi?id=100763](https://bugs.freedesktop.org/show_bug.cgi?id=100763)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://seclists.org/oss-sec/2017/q2/151](http://seclists.org/oss-sec/2017/q2/151)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7475](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7475)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-CAIRO-1542729",
              "shortDescription": {
                "text": "Low severity - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in cairo"
              },
              "fullDescription": {
                "text": "(CVE-2019-6462) cairo/libcairo2@1.16.0-7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `cairo` package and not the `cairo` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.\n## Remediation\nThere is no fixed version for `Debian:12` `cairo`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-6462](https://security-tracker.debian.org/tracker/CVE-2019-6462)\n- [https://github.com/TeamSeri0us/pocs/tree/master/gerbv](https://github.com/TeamSeri0us/pocs/tree/master/gerbv)\n- [https://gitlab.freedesktop.org/cairo/cairo/issues/353](https://gitlab.freedesktop.org/cairo/cairo/issues/353)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6462](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6462)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-835",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-COREUTILS-1543939",
              "shortDescription": {
                "text": "Low severity - Improper Input Validation vulnerability in coreutils"
              },
              "fullDescription": {
                "text": "(CVE-2016-2781) coreutils@9.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `coreutils` package and not the `coreutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nchroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.\n## Remediation\nThere is no fixed version for `Debian:12` `coreutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-2781](https://security-tracker.debian.org/tracker/CVE-2016-2781)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://www.openwall.com/lists/oss-security/2016/02/28/2](http://www.openwall.com/lists/oss-security/2016/02/28/2)\n- [http://www.openwall.com/lists/oss-security/2016/02/28/3](http://www.openwall.com/lists/oss-security/2016/02/28/3)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-20",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-COREUTILS-1543947",
              "shortDescription": {
                "text": "Low severity - Race Condition vulnerability in coreutils"
              },
              "fullDescription": {
                "text": "(CVE-2017-18018) coreutils@9.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `coreutils` package and not the `coreutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.\n## Remediation\nThere is no fixed version for `Debian:12` `coreutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-18018](https://security-tracker.debian.org/tracker/CVE-2017-18018)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018)\n- [http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html](http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-362",
                  "deb"
                ],
                "cvssv3_baseScore": 4.7,
                "security-severity": "4.7"
              }
            },
            {
              "id": "SNYK-DEBIAN12-CURL-6501697",
              "shortDescription": {
                "text": "Low severity - CVE-2024-2379 vulnerability in curl"
              },
              "fullDescription": {
                "text": "(CVE-2024-2379) curl/libcurl4@7.88.1-10+deb12u7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `curl` package and not the `curl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.\n## Remediation\nThere is no fixed version for `Debian:12` `curl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-2379](https://security-tracker.debian.org/tracker/CVE-2024-2379)\n- [https://curl.se/docs/CVE-2024-2379.html](https://curl.se/docs/CVE-2024-2379.html)\n- [https://curl.se/docs/CVE-2024-2379.json](https://curl.se/docs/CVE-2024-2379.json)\n- [https://hackerone.com/reports/2410774](https://hackerone.com/reports/2410774)\n- [http://www.openwall.com/lists/oss-security/2024/03/27/2](http://www.openwall.com/lists/oss-security/2024/03/27/2)\n- [https://security.netapp.com/advisory/ntap-20240531-0001/](https://security.netapp.com/advisory/ntap-20240531-0001/)\n- [https://support.apple.com/kb/HT214118](https://support.apple.com/kb/HT214118)\n- [https://support.apple.com/kb/HT214119](https://support.apple.com/kb/HT214119)\n- [https://support.apple.com/kb/HT214120](https://support.apple.com/kb/HT214120)\n- [http://seclists.org/fulldisclosure/2024/Jul/20](http://seclists.org/fulldisclosure/2024/Jul/20)\n- [http://seclists.org/fulldisclosure/2024/Jul/18](http://seclists.org/fulldisclosure/2024/Jul/18)\n- [http://seclists.org/fulldisclosure/2024/Jul/19](http://seclists.org/fulldisclosure/2024/Jul/19)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-CURL-7930897",
              "shortDescription": {
                "text": "Low severity - CVE-2024-8096 vulnerability in curl"
              },
              "fullDescription": {
                "text": "(CVE-2024-8096) curl/libcurl4@7.88.1-10+deb12u7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `curl` package and not the `curl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nWhen curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine.  If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.\n## Remediation\nThere is no fixed version for `Debian:12` `curl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-8096](https://security-tracker.debian.org/tracker/CVE-2024-8096)\n- [https://curl.se/docs/CVE-2024-8096.html](https://curl.se/docs/CVE-2024-8096.html)\n- [https://curl.se/docs/CVE-2024-8096.json](https://curl.se/docs/CVE-2024-8096.json)\n- [https://hackerone.com/reports/2669852](https://hackerone.com/reports/2669852)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-DAV1D-5518047",
              "shortDescription": {
                "text": "Low severity - Race Condition vulnerability in dav1d"
              },
              "fullDescription": {
                "text": "(CVE-2023-32570) dav1d/libdav1d6@1.0.0-2+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `dav1d` package and not the `dav1d` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nVideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.\n## Remediation\nThere is no fixed version for `Debian:12` `dav1d`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-32570](https://security-tracker.debian.org/tracker/CVE-2023-32570)\n- [https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa](https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa)\n- [https://code.videolan.org/videolan/dav1d/-/tags/1.2.0](https://code.videolan.org/videolan/dav1d/-/tags/1.2.0)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/)\n- [https://security.gentoo.org/glsa/202310-05](https://security.gentoo.org/glsa/202310-05)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WGSO7UMOF4MVLQ5H6KIV7OG6ONS377B/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXZ6CUNJFDJLCFOZHY2TIGMCAEITLCRP/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-362",
                  "deb"
                ],
                "cvssv3_baseScore": 5.9,
                "security-severity": "5.9"
              }
            },
            {
              "id": "SNYK-DEBIAN12-DJVULIBRE-5858453",
              "shortDescription": {
                "text": "Low severity - Divide By Zero vulnerability in djvulibre"
              },
              "fullDescription": {
                "text": "(CVE-2021-46312) djvulibre/libdjvulibre21@3.5.28-2+b1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `djvulibre` package and not the `djvulibre` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.\n## Remediation\nThere is no fixed version for `Debian:12` `djvulibre`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-46312](https://security-tracker.debian.org/tracker/CVE-2021-46312)\n- [https://sourceforge.net/p/djvu/bugs/344/](https://sourceforge.net/p/djvu/bugs/344/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APFAWR7QE27GXQMRKR6XKNZWWUJ5YMH/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APFAWR7QE27GXQMRKR6XKNZWWUJ5YMH/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-369",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-DJVULIBRE-5858454",
              "shortDescription": {
                "text": "Low severity - Divide By Zero vulnerability in djvulibre"
              },
              "fullDescription": {
                "text": "(CVE-2021-46310) djvulibre/libdjvulibre21@3.5.28-2+b1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `djvulibre` package and not the `djvulibre` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.\n## Remediation\nThere is no fixed version for `Debian:12` `djvulibre`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-46310](https://security-tracker.debian.org/tracker/CVE-2021-46310)\n- [https://sourceforge.net/p/djvu/bugs/345/](https://sourceforge.net/p/djvu/bugs/345/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APFAWR7QE27GXQMRKR6XKNZWWUJ5YMH/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APFAWR7QE27GXQMRKR6XKNZWWUJ5YMH/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HN4JOIBNMJMW2NQSGT6DCDCQZJ2ROFM7/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XEEGAR4WUF6LTOJEHSON7I2MBTPFTVR5/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-369",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-ELFUTILS-6254969",
              "shortDescription": {
                "text": "Low severity - CVE-2024-25260 vulnerability in elfutils"
              },
              "fullDescription": {
                "text": "(CVE-2024-25260) elfutils/libelf1@0.188-2.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `elfutils` package and not the `elfutils` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nelfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.\n## Remediation\nThere is no fixed version for `Debian:12` `elfutils`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-25260](https://security-tracker.debian.org/tracker/CVE-2024-25260)\n- [https://github.com/schsiung/fuzzer_issues/issues/1](https://github.com/schsiung/fuzzer_issues/issues/1)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=31058](https://sourceware.org/bugzilla/show_bug.cgi?id=31058)\n- [https://sourceware.org/elfutils/](https://sourceware.org/elfutils/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-EXPAT-6227597",
              "shortDescription": {
                "text": "Low severity - Resource Exhaustion vulnerability in expat"
              },
              "fullDescription": {
                "text": "(CVE-2023-52425) expat/libexpat1@2.5.0-1+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `expat` package and not the `expat` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.\n## Remediation\nThere is no fixed version for `Debian:12` `expat`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-52425](https://security-tracker.debian.org/tracker/CVE-2023-52425)\n- [https://github.com/libexpat/libexpat/pull/789](https://github.com/libexpat/libexpat/pull/789)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/)\n- [https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html](https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html)\n- [http://www.openwall.com/lists/oss-security/2024/03/20/5](http://www.openwall.com/lists/oss-security/2024/03/20/5)\n- [https://security.netapp.com/advisory/ntap-20240614-0003/](https://security.netapp.com/advisory/ntap-20240614-0003/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-400",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-EXPAT-6227603",
              "shortDescription": {
                "text": "Low severity - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') vulnerability in expat"
              },
              "fullDescription": {
                "text": "(CVE-2023-52426) expat/libexpat1@2.5.0-1+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `expat` package and not the `expat` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.\n## Remediation\nThere is no fixed version for `Debian:12` `expat`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-52426](https://security-tracker.debian.org/tracker/CVE-2023-52426)\n- [https://cwe.mitre.org/data/definitions/776.html](https://cwe.mitre.org/data/definitions/776.html)\n- [https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404](https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404)\n- [https://github.com/libexpat/libexpat/pull/777](https://github.com/libexpat/libexpat/pull/777)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/)\n- [https://security.netapp.com/advisory/ntap-20240307-0005/](https://security.netapp.com/advisory/ntap-20240307-0005/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-776",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-EXPAT-6420595",
              "shortDescription": {
                "text": "Low severity - CVE-2024-28757 vulnerability in expat"
              },
              "fullDescription": {
                "text": "(CVE-2024-28757) expat/libexpat1@2.5.0-1+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `expat` package and not the `expat` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).\n## Remediation\nThere is no fixed version for `Debian:12` `expat`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-28757](https://security-tracker.debian.org/tracker/CVE-2024-28757)\n- [https://github.com/libexpat/libexpat/issues/839](https://github.com/libexpat/libexpat/issues/839)\n- [https://github.com/libexpat/libexpat/pull/842](https://github.com/libexpat/libexpat/pull/842)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/)\n- [https://security.netapp.com/advisory/ntap-20240322-0001/](https://security.netapp.com/advisory/ntap-20240322-0001/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/)\n- [http://www.openwall.com/lists/oss-security/2024/03/15/1](http://www.openwall.com/lists/oss-security/2024/03/15/1)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-EXPAT-8309094",
              "shortDescription": {
                "text": "Low severity - CVE-2024-50602 vulnerability in expat"
              },
              "fullDescription": {
                "text": "(CVE-2024-50602) expat/libexpat1@2.5.0-1+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `expat` package and not the `expat` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.\n## Remediation\nThere is no fixed version for `Debian:12` `expat`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-50602](https://security-tracker.debian.org/tracker/CVE-2024-50602)\n- [https://github.com/libexpat/libexpat/pull/915](https://github.com/libexpat/libexpat/pull/915)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GCC12-2606941",
              "shortDescription": {
                "text": "Low severity - Uncontrolled Recursion vulnerability in gcc-12"
              },
              "fullDescription": {
                "text": "(CVE-2022-27943) gcc-12/gcc-12-base@12.2.0-14"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gcc-12` package and not the `gcc-12` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.\n## Remediation\nThere is no fixed version for `Debian:12` `gcc-12`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2022-27943](https://security-tracker.debian.org/tracker/CVE-2022-27943)\n- [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=28995](https://sourceware.org/bugzilla/show_bug.cgi?id=28995)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-674",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GCC12-5901316",
              "shortDescription": {
                "text": "Low severity - CVE-2023-4039 vulnerability in gcc-12"
              },
              "fullDescription": {
                "text": "(CVE-2023-4039) gcc-12/gcc-12-base@12.2.0-14"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gcc-12` package and not the `gcc-12` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\n\n\n**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.\n\n\n\n\n\n\n## Remediation\nThere is no fixed version for `Debian:12` `gcc-12`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-4039](https://security-tracker.debian.org/tracker/CVE-2023-4039)\n- [https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64](https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64)\n- [https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf](https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 4.8,
                "security-severity": "4.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GIT-1547086",
              "shortDescription": {
                "text": "Low severity - Improper Input Validation vulnerability in git"
              },
              "fullDescription": {
                "text": "(CVE-2018-1000021) git/git-man@1:2.39.5-0+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `git` package and not the `git` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).\n## Remediation\nThere is no fixed version for `Debian:12` `git`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-1000021](https://security-tracker.debian.org/tracker/CVE-2018-1000021)\n- [http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html](http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-20",
                  "deb"
                ],
                "cvssv3_baseScore": 5,
                "security-severity": "5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GIT-2399902",
              "shortDescription": {
                "text": "Low severity - Exposure of Resource to Wrong Sphere vulnerability in git"
              },
              "fullDescription": {
                "text": "(CVE-2022-24975) git/git-man@1:2.39.5-0+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `git` package and not the `git` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has been disputed by multiple 3rd parties who believe this is an intended feature of the git binary and does not pose a security risk.\n## Remediation\nThere is no fixed version for `Debian:12` `git`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2022-24975](https://security-tracker.debian.org/tracker/CVE-2022-24975)\n- [https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191](https://github.com/git/git/blob/2dc94da3744bfbbf145eca587a0f5ff480cc5867/Documentation/git-clone.txt#L185-L191)\n- [https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/](https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/)\n- [https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/](https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/)\n- [https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g/](https://lore.kernel.org/git/xmqq4k14qe9g.fsf%40gitster.g/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-668",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIB20-1547042",
              "shortDescription": {
                "text": "Low severity - Cryptographic Issues vulnerability in glib2.0"
              },
              "fullDescription": {
                "text": "(CVE-2012-0039) glib2.0/libglib2.0-0@2.74.6-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glib2.0` package and not the `glib2.0` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.\n## Remediation\nThere is no fixed version for `Debian:12` `glib2.0`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2012-0039](https://security-tracker.debian.org/tracker/CVE-2012-0039)\n- [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044)\n- [http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html](http://mail.gnome.org/archives/gtk-devel-list/2003-May/msg00111.html)\n- [http://openwall.com/lists/oss-security/2012/01/10/12](http://openwall.com/lists/oss-security/2012/01/10/12)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=772720](https://bugzilla.redhat.com/show_bug.cgi?id=772720)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-310",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1546991",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-1010024) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-1010024](https://security-tracker.debian.org/tracker/CVE-2019-1010024)\n- [https://support.f5.com/csp/article/K06046097](https://support.f5.com/csp/article/K06046097)\n- [https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22852](https://sourceware.org/bugzilla/show_bug.cgi?id=22852)\n- [http://www.securityfocus.com/bid/109162](http://www.securityfocus.com/bid/109162)\n- [https://ubuntu.com/security/CVE-2019-1010024](https://ubuntu.com/security/CVE-2019-1010024)\n- [https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-200",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547039",
              "shortDescription": {
                "text": "Low severity - Uncontrolled Recursion vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2018-20796) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-20796](https://security-tracker.debian.org/tracker/CVE-2018-20796)\n- [https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS)\n- [https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141)\n- [https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html](https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html)\n- [https://security.netapp.com/advisory/ntap-20190315-0002/](https://security.netapp.com/advisory/ntap-20190315-0002/)\n- [http://www.securityfocus.com/bid/107160](http://www.securityfocus.com/bid/107160)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20796)\n- [https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-674",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547069",
              "shortDescription": {
                "text": "Low severity - Uncontrolled Recursion vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-9192) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-9192](https://security-tracker.debian.org/tracker/CVE-2019-9192)\n- [https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=24269](https://sourceware.org/bugzilla/show_bug.cgi?id=24269)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9192)\n- [https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K26346590?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-674",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547135",
              "shortDescription": {
                "text": "Low severity - Use of Insufficiently Random Values vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-1010025) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-1010025](https://security-tracker.debian.org/tracker/CVE-2019-1010025)\n- [https://support.f5.com/csp/article/K06046097](https://support.f5.com/csp/article/K06046097)\n- [https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22853](https://sourceware.org/bugzilla/show_bug.cgi?id=22853)\n- [https://ubuntu.com/security/CVE-2019-1010025](https://ubuntu.com/security/CVE-2019-1010025)\n- [https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K06046097?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-330",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547196",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-1010022) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-1010022](https://security-tracker.debian.org/tracker/CVE-2019-1010022)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22850](https://sourceware.org/bugzilla/show_bug.cgi?id=22850)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3](https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3)\n- [https://ubuntu.com/security/CVE-2019-1010022](https://ubuntu.com/security/CVE-2019-1010022)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547293",
              "shortDescription": {
                "text": "Low severity - Resource Management Errors vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2010-4756) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2010-4756](https://security-tracker.debian.org/tracker/CVE-2010-4756)\n- [http://cxib.net/stuff/glob-0day.c](http://cxib.net/stuff/glob-0day.c)\n- [http://securityreason.com/achievement_securityalert/89](http://securityreason.com/achievement_securityalert/89)\n- [http://securityreason.com/exploitalert/9223](http://securityreason.com/exploitalert/9223)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=681681](https://bugzilla.redhat.com/show_bug.cgi?id=681681)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-399",
                  "deb"
                ],
                "cvssv3_baseScore": 4.3,
                "security-severity": "4.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GLIBC-1547373",
              "shortDescription": {
                "text": "Low severity - CVE-2019-1010023 vulnerability in glibc"
              },
              "fullDescription": {
                "text": "(CVE-2019-1010023) glibc/libc-bin@2.36-9+deb12u8"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `glibc` package and not the `glibc` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.\n## Remediation\nThere is no fixed version for `Debian:12` `glibc`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-1010023](https://security-tracker.debian.org/tracker/CVE-2019-1010023)\n- [https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS](https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS)\n- [https://sourceware.org/bugzilla/show_bug.cgi?id=22851](https://sourceware.org/bugzilla/show_bug.cgi?id=22851)\n- [http://www.securityfocus.com/bid/109167](http://www.securityfocus.com/bid/109167)\n- [https://ubuntu.com/security/CVE-2019-1010023](https://ubuntu.com/security/CVE-2019-1010023)\n- [https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K11932200?utm_source=f5support&amp%3Butm_medium=RSS)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GNUPG2-3330747",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in gnupg2"
              },
              "fullDescription": {
                "text": "(CVE-2022-3219) gnupg2/gpgv@2.2.40-1.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gnupg2` package and not the `gnupg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.\n## Remediation\nThere is no fixed version for `Debian:12` `gnupg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2022-3219](https://security-tracker.debian.org/tracker/CVE-2022-3219)\n- [https://access.redhat.com/security/cve/CVE-2022-3219](https://access.redhat.com/security/cve/CVE-2022-3219)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2127010](https://bugzilla.redhat.com/show_bug.cgi?id=2127010)\n- [https://dev.gnupg.org/D556](https://dev.gnupg.org/D556)\n- [https://dev.gnupg.org/T5993](https://dev.gnupg.org/T5993)\n- [https://marc.info/?l=oss-security&m=165696590211434&w=4](https://marc.info/?l=oss-security&m=165696590211434&w=4)\n- [https://security.netapp.com/advisory/ntap-20230324-0001/](https://security.netapp.com/advisory/ntap-20230324-0001/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 3.3,
                "security-severity": "3.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-GNUTLS28-1547121",
              "shortDescription": {
                "text": "Low severity - Improper Input Validation vulnerability in gnutls28"
              },
              "fullDescription": {
                "text": "(CVE-2011-3389) gnutls28/libgnutls30@3.7.9-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `gnutls28` package and not the `gnutls28` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.\n## Remediation\nThere is no fixed version for `Debian:12` `gnutls28`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2011-3389](https://security-tracker.debian.org/tracker/CVE-2011-3389)\n- [http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html](http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html)\n- [http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html](http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html)\n- [http://support.apple.com/kb/HT4999](http://support.apple.com/kb/HT4999)\n- [http://support.apple.com/kb/HT5001](http://support.apple.com/kb/HT5001)\n- [http://support.apple.com/kb/HT5130](http://support.apple.com/kb/HT5130)\n- [http://support.apple.com/kb/HT5281](http://support.apple.com/kb/HT5281)\n- [http://support.apple.com/kb/HT5501](http://support.apple.com/kb/HT5501)\n- [http://support.apple.com/kb/HT6150](http://support.apple.com/kb/HT6150)\n- [http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html](http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html)\n- [http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html](http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html)\n- [http://lists.apple.com/archives/security-announce/2012/May/msg00001.html](http://lists.apple.com/archives/security-announce/2012/May/msg00001.html)\n- [http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html](http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html)\n- [http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html](http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html)\n- [http://www.us-cert.gov/cas/techalerts/TA12-010A.html](http://www.us-cert.gov/cas/techalerts/TA12-010A.html)\n- [http://www.kb.cert.org/vuls/id/864643](http://www.kb.cert.org/vuls/id/864643)\n- [http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html](http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html)\n- [http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/](http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/)\n- [http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx](http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx)\n- [http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx](http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx)\n- [http://curl.haxx.se/docs/adv_20120124B.html](http://curl.haxx.se/docs/adv_20120124B.html)\n- [http://downloads.asterisk.org/pub/security/AST-2016-001.html](http://downloads.asterisk.org/pub/security/AST-2016-001.html)\n- [http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue](http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue)\n- [https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail](https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail)\n- [https://bugzilla.novell.com/show_bug.cgi?id=719047](https://bugzilla.novell.com/show_bug.cgi?id=719047)\n- [https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf)\n- [http://technet.microsoft.com/security/advisory/2588513](http://technet.microsoft.com/security/advisory/2588513)\n- [http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf](http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf)\n- [http://www.ibm.com/developerworks/java/jdk/alerts/](http://www.ibm.com/developerworks/java/jdk/alerts/)\n- [http://www.imperialviolet.org/2011/09/23/chromeandbeast.html](http://www.imperialviolet.org/2011/09/23/chromeandbeast.html)\n- [http://www.opera.com/docs/changelogs/mac/1151/](http://www.opera.com/docs/changelogs/mac/1151/)\n- [http://www.opera.com/docs/changelogs/mac/1160/](http://www.opera.com/docs/changelogs/mac/1160/)\n- [http://www.opera.com/docs/changelogs/unix/1151/](http://www.opera.com/docs/changelogs/unix/1151/)\n- [http://www.opera.com/docs/changelogs/unix/1160/](http://www.opera.com/docs/changelogs/unix/1160/)\n- [http://www.opera.com/docs/changelogs/windows/1151/](http://www.opera.com/docs/changelogs/windows/1151/)\n- [http://www.opera.com/docs/changelogs/windows/1160/](http://www.opera.com/docs/changelogs/windows/1160/)\n- [http://www.opera.com/support/kb/view/1004/](http://www.opera.com/support/kb/view/1004/)\n- [http://www.debian.org/security/2012/dsa-2398](http://www.debian.org/security/2012/dsa-2398)\n- [http://security.gentoo.org/glsa/glsa-201203-02.xml](http://security.gentoo.org/glsa/glsa-201203-02.xml)\n- [http://security.gentoo.org/glsa/glsa-201406-32.xml](http://security.gentoo.org/glsa/glsa-201406-32.xml)\n- [https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862](https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862)\n- [http://marc.info/?l=bugtraq&m=132750579901589&w=2](http://marc.info/?l=bugtraq&m=132750579901589&w=2)\n- [http://marc.info/?l=bugtraq&m=132872385320240&w=2](http://marc.info/?l=bugtraq&m=132872385320240&w=2)\n- [http://marc.info/?l=bugtraq&m=133365109612558&w=2](http://marc.info/?l=bugtraq&m=133365109612558&w=2)\n- [http://marc.info/?l=bugtraq&m=133728004526190&w=2](http://marc.info/?l=bugtraq&m=133728004526190&w=2)\n- [http://marc.info/?l=bugtraq&m=134254866602253&w=2](http://marc.info/?l=bugtraq&m=134254866602253&w=2)\n- [http://marc.info/?l=bugtraq&m=134254957702612&w=2](http://marc.info/?l=bugtraq&m=134254957702612&w=2)\n- [http://ekoparty.org/2011/juliano-rizzo.php](http://ekoparty.org/2011/juliano-rizzo.php)\n- [http://eprint.iacr.org/2004/111](http://eprint.iacr.org/2004/111)\n- [http://eprint.iacr.org/2006/136](http://eprint.iacr.org/2006/136)\n- [http://isc.sans.edu/diary/SSL+TLS+part+3+/11635](http://isc.sans.edu/diary/SSL+TLS+part+3+/11635)\n- [https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02](https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02)\n- [http://vnhacker.blogspot.com/2011/09/beast.html](http://vnhacker.blogspot.com/2011/09/beast.html)\n- [http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html](http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html)\n- [http://www.insecure.cl/Beast-SSL.rar](http://www.insecure.cl/Beast-SSL.rar)\n- [https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006](https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006)\n- [http://technet.microsoft.com/security/bulletin/MS12-006](http://technet.microsoft.com/security/bulletin/MS12-006)\n- [http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html](http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html)\n- [http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html](http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html)\n- [http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html](http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html)\n- [http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html](http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html)\n- [http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html](http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html)\n- [http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html](http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html)\n- [http://osvdb.org/74829](http://osvdb.org/74829)\n- [https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752](https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=737506](https://bugzilla.redhat.com/show_bug.cgi?id=737506)\n- [http://rhn.redhat.com/errata/RHSA-2012-0508.html](http://rhn.redhat.com/errata/RHSA-2012-0508.html)\n- [http://rhn.redhat.com/errata/RHSA-2013-1455.html](http://rhn.redhat.com/errata/RHSA-2013-1455.html)\n- [http://secunia.com/advisories/45791](http://secunia.com/advisories/45791)\n- [http://secunia.com/advisories/47998](http://secunia.com/advisories/47998)\n- [http://secunia.com/advisories/48256](http://secunia.com/advisories/48256)\n- [http://secunia.com/advisories/48692](http://secunia.com/advisories/48692)\n- [http://secunia.com/advisories/48915](http://secunia.com/advisories/48915)\n- [http://secunia.com/advisories/48948](http://secunia.com/advisories/48948)\n- [http://secunia.com/advisories/49198](http://secunia.com/advisories/49198)\n- [http://secunia.com/advisories/55322](http://secunia.com/advisories/55322)\n- [http://secunia.com/advisories/55350](http://secunia.com/advisories/55350)\n- [http://secunia.com/advisories/55351](http://secunia.com/advisories/55351)\n- [http://www.securityfocus.com/bid/49388](http://www.securityfocus.com/bid/49388)\n- [http://www.securityfocus.com/bid/49778](http://www.securityfocus.com/bid/49778)\n- [http://www.securitytracker.com/id?1025997](http://www.securitytracker.com/id?1025997)\n- [http://www.securitytracker.com/id?1026103](http://www.securitytracker.com/id?1026103)\n- [http://www.securitytracker.com/id?1026704](http://www.securitytracker.com/id?1026704)\n- [http://www.securitytracker.com/id/1029190](http://www.securitytracker.com/id/1029190)\n- [http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html)\n- [https://hermes.opensuse.org/messages/13154861](https://hermes.opensuse.org/messages/13154861)\n- [https://hermes.opensuse.org/messages/13155432](https://hermes.opensuse.org/messages/13155432)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2011-3389](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2011-3389)\n- [http://www.ubuntu.com/usn/USN-1263-1](http://www.ubuntu.com/usn/USN-1263-1)\n- [http://www.mandriva.com/security/advisories?name=MDVSA-2012:058](http://www.mandriva.com/security/advisories?name=MDVSA-2012:058)\n- [http://www.redhat.com/support/errata/RHSA-2011-1384.html](http://www.redhat.com/support/errata/RHSA-2011-1384.html)\n- [http://www.redhat.com/support/errata/RHSA-2012-0006.html](http://www.redhat.com/support/errata/RHSA-2012-0006.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-20",
                  "deb"
                ],
                "cvssv3_baseScore": 4.3,
                "security-severity": "4.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-HARFBUZZ-3311294",
              "shortDescription": {
                "text": "Low severity - Allocation of Resources Without Limits or Throttling vulnerability in harfbuzz"
              },
              "fullDescription": {
                "text": "(CVE-2023-25193) harfbuzz/libharfbuzz0b@6.0.0+dfsg-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `harfbuzz` package and not the `harfbuzz` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nhb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.\n## Remediation\nThere is no fixed version for `Debian:12` `harfbuzz`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-25193](https://security-tracker.debian.org/tracker/CVE-2023-25193)\n- [https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361](https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361)\n- [https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh](https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh)\n- [https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc](https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/)\n- [https://security.netapp.com/advisory/ntap-20230725-0006/](https://security.netapp.com/advisory/ntap-20230725-0006/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-770",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-1548360",
              "shortDescription": {
                "text": "Low severity - Missing Release of Resource after Effective Lifetime vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2017-11755) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-11755](https://security-tracker.debian.org/tracker/CVE-2017-11755)\n- [https://github.com/ImageMagick/ImageMagick/issues/634](https://github.com/ImageMagick/ImageMagick/issues/634)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-772",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-1548383",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2017-7275) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-7275](https://security-tracker.debian.org/tracker/CVE-2017-7275)\n- [https://github.com/ImageMagick/ImageMagick/issues/271](https://github.com/ImageMagick/ImageMagick/issues/271)\n- [https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/](https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/)\n- [http://www.securityfocus.com/bid/97166](http://www.securityfocus.com/bid/97166)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-1548409",
              "shortDescription": {
                "text": "Low severity - Missing Release of Resource after Effective Lifetime vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2017-11754) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-11754](https://security-tracker.debian.org/tracker/CVE-2017-11754)\n- [https://github.com/ImageMagick/ImageMagick/issues/633](https://github.com/ImageMagick/ImageMagick/issues/633)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-772",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-1548461",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Read vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2016-8678) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file.  NOTE: the vendor says "This is a Q64 issue and we do not support Q64."\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-8678](https://security-tracker.debian.org/tracker/CVE-2016-8678)\n- [https://github.com/ImageMagick/ImageMagick/issues/272](https://github.com/ImageMagick/ImageMagick/issues/272)\n- [http://www.openwall.com/lists/oss-security/2016/10/16/2](http://www.openwall.com/lists/oss-security/2016/10/16/2)\n- [http://www.openwall.com/lists/oss-security/2016/12/08/18](http://www.openwall.com/lists/oss-security/2016/12/08/18)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=1385694](https://bugzilla.redhat.com/show_bug.cgi?id=1385694)\n- [http://www.securityfocus.com/bid/93599](http://www.securityfocus.com/bid/93599)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-125",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-1548464",
              "shortDescription": {
                "text": "Low severity - CVE-2005-0406 vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2005-0406) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2005-0406](https://security-tracker.debian.org/tracker/CVE-2005-0406)\n- [http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html](http://seclists.org/lists/fulldisclosure/2005/Feb/0343.html)\n- [http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt](http://www.redteam-pentesting.de/advisories/rt-sa-2005-008.txt)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-1548490",
              "shortDescription": {
                "text": "Low severity - Resource Management Errors vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2008-3134) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nMultiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2008-3134](https://security-tracker.debian.org/tracker/CVE-2008-3134)\n- [http://sourceforge.net/forum/forum.php?forum_id=841176](http://sourceforge.net/forum/forum.php?forum_id=841176)\n- [http://sourceforge.net/project/shownotes.php?release_id=610253](http://sourceforge.net/project/shownotes.php?release_id=610253)\n- [http://www.vupen.com/english/advisories/2008/1984/references](http://www.vupen.com/english/advisories/2008/1984/references)\n- [http://xforce.iss.net/xforce/xfdb/43511](http://xforce.iss.net/xforce/xfdb/43511)\n- [http://xforce.iss.net/xforce/xfdb/43513](http://xforce.iss.net/xforce/xfdb/43513)\n- [http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html](http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html)\n- [http://secunia.com/advisories/30879](http://secunia.com/advisories/30879)\n- [http://secunia.com/advisories/32151](http://secunia.com/advisories/32151)\n- [http://www.securityfocus.com/bid/30055](http://www.securityfocus.com/bid/30055)\n- [http://www.securitytracker.com/id?1020413](http://www.securitytracker.com/id?1020413)\n- [https://exchange.xforce.ibmcloud.com/vulnerabilities/43511](https://exchange.xforce.ibmcloud.com/vulnerabilities/43511)\n- [https://exchange.xforce.ibmcloud.com/vulnerabilities/43513](https://exchange.xforce.ibmcloud.com/vulnerabilities/43513)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-399",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-1548737",
              "shortDescription": {
                "text": "Low severity - Resource Exhaustion vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2018-15607) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-15607](https://security-tracker.debian.org/tracker/CVE-2018-15607)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15607)\n- [https://github.com/ImageMagick/ImageMagick/issues/1255](https://github.com/ImageMagick/ImageMagick/issues/1255)\n- [http://www.securityfocus.com/bid/105137](http://www.securityfocus.com/bid/105137)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15607](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15607)\n- [https://usn.ubuntu.com/4034-1/](https://usn.ubuntu.com/4034-1/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-400",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-1548871",
              "shortDescription": {
                "text": "Low severity - Divide By Zero vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2021-20311) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-20311](https://security-tracker.debian.org/tracker/CVE-2021-20311)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=1946739](https://bugzilla.redhat.com/show_bug.cgi?id=1946739)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-369",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-IMAGEMAGICK-5660573",
              "shortDescription": {
                "text": "Low severity - OS Command Injection vulnerability in imagemagick"
              },
              "fullDescription": {
                "text": "(CVE-2023-34152) imagemagick/imagemagick-6-common@8:6.9.11.60+dfsg-1.6+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `imagemagick` package and not the `imagemagick` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.\n## Remediation\nThere is no fixed version for `Debian:12` `imagemagick`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-34152](https://security-tracker.debian.org/tracker/CVE-2023-34152)\n- [https://access.redhat.com/security/cve/CVE-2023-34152](https://access.redhat.com/security/cve/CVE-2023-34152)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2210659](https://bugzilla.redhat.com/show_bug.cgi?id=2210659)\n- [https://github.com/ImageMagick/ImageMagick/issues/6339](https://github.com/ImageMagick/ImageMagick/issues/6339)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-78",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-JANSSON-1548880",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Read vulnerability in jansson"
              },
              "fullDescription": {
                "text": "(CVE-2020-36325) jansson/libjansson4@2.14-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `jansson` package and not the `jansson` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification\n## Remediation\nThere is no fixed version for `Debian:12` `jansson`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2020-36325](https://security-tracker.debian.org/tracker/CVE-2020-36325)\n- [https://github.com/akheron/jansson/issues/548](https://github.com/akheron/jansson/issues/548)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-125",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-JBIGKIT-1549085",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in jbigkit"
              },
              "fullDescription": {
                "text": "(CVE-2017-9937) jbigkit/libjbig-dev@2.1-6.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `jbigkit` package and not the `jbigkit` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.\n## Remediation\nThere is no fixed version for `Debian:12` `jbigkit`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-9937](https://security-tracker.debian.org/tracker/CVE-2017-9937)\n- [http://bugzilla.maptools.org/show_bug.cgi?id=2707](http://bugzilla.maptools.org/show_bug.cgi?id=2707)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://www.securityfocus.com/bid/99304](http://www.securityfocus.com/bid/99304)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9937](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9937)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-KRB5-1549480",
              "shortDescription": {
                "text": "Low severity - Integer Overflow or Wraparound vulnerability in krb5"
              },
              "fullDescription": {
                "text": "(CVE-2018-5709) krb5/libgssapi-krb5-2@1.20.1-2+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `krb5` package and not the `krb5` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.\n## Remediation\nThere is no fixed version for `Debian:12` `krb5`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-5709](https://security-tracker.debian.org/tracker/CVE-2018-5709)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709)\n- [https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow](https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5709](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5709)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-190",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-KRB5-6277411",
              "shortDescription": {
                "text": "Low severity - CVE-2024-26461 vulnerability in krb5"
              },
              "fullDescription": {
                "text": "(CVE-2024-26461) krb5/libgssapi-krb5-2@1.20.1-2+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `krb5` package and not the `krb5` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nKerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.\n## Remediation\nThere is no fixed version for `Debian:12` `krb5`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-26461](https://security-tracker.debian.org/tracker/CVE-2024-26461)\n- [https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md](https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md)\n- [https://security.netapp.com/advisory/ntap-20240415-0011/](https://security.netapp.com/advisory/ntap-20240415-0011/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-KRB5-6277412",
              "shortDescription": {
                "text": "Low severity - CVE-2024-26458 vulnerability in krb5"
              },
              "fullDescription": {
                "text": "(CVE-2024-26458) krb5/libgssapi-krb5-2@1.20.1-2+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `krb5` package and not the `krb5` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nKerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.\n## Remediation\nThere is no fixed version for `Debian:12` `krb5`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-26458](https://security-tracker.debian.org/tracker/CVE-2024-26458)\n- [https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md](https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md)\n- [https://security.netapp.com/advisory/ntap-20240415-0010/](https://security.netapp.com/advisory/ntap-20240415-0010/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-KRB5-6277421",
              "shortDescription": {
                "text": "Low severity - CVE-2024-26462 vulnerability in krb5"
              },
              "fullDescription": {
                "text": "(CVE-2024-26462) krb5/libgssapi-krb5-2@1.20.1-2+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `krb5` package and not the `krb5` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nKerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.\n## Remediation\nThere is no fixed version for `Debian:12` `krb5`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-26462](https://security-tracker.debian.org/tracker/CVE-2024-26462)\n- [https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md](https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md)\n- [https://security.netapp.com/advisory/ntap-20240415-0012/](https://security.netapp.com/advisory/ntap-20240415-0012/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBDE265-6672145",
              "shortDescription": {
                "text": "Low severity - CVE-2023-51792 vulnerability in libde265"
              },
              "fullDescription": {
                "text": "(CVE-2023-51792) libde265/libde265-0@1.0.11-1+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libde265` package and not the `libde265` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nBuffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.\n## Remediation\nThere is no fixed version for `Debian:12` `libde265`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-51792](https://security-tracker.debian.org/tracker/CVE-2023-51792)\n- [https://github.com/strukturag/libde265](https://github.com/strukturag/libde265)\n- [https://github.com/strukturag/libde265/issues/427](https://github.com/strukturag/libde265/issues/427)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBDE265-7411271",
              "shortDescription": {
                "text": "Low severity - CVE-2024-38949 vulnerability in libde265"
              },
              "fullDescription": {
                "text": "(CVE-2024-38949) libde265/libde265-0@1.0.11-1+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libde265` package and not the `libde265` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nHeap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc\n## Remediation\nThere is no fixed version for `Debian:12` `libde265`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-38949](https://security-tracker.debian.org/tracker/CVE-2024-38949)\n- [https://github.com/strukturag/libde265/issues/460](https://github.com/strukturag/libde265/issues/460)\n- [https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38949](https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38949)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBDE265-7411272",
              "shortDescription": {
                "text": "Low severity - CVE-2024-38950 vulnerability in libde265"
              },
              "fullDescription": {
                "text": "(CVE-2024-38950) libde265/libde265-0@1.0.11-1+deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libde265` package and not the `libde265` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nHeap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.\n## Remediation\nThere is no fixed version for `Debian:12` `libde265`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-38950](https://security-tracker.debian.org/tracker/CVE-2024-38950)\n- [https://github.com/strukturag/libde265/issues/460](https://github.com/strukturag/libde265/issues/460)\n- [https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38950](https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38950)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBGCRYPT20-1550206",
              "shortDescription": {
                "text": "Low severity - Use of a Broken or Risky Cryptographic Algorithm vulnerability in libgcrypt20"
              },
              "fullDescription": {
                "text": "(CVE-2018-6829) libgcrypt20@1.10.1-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libgcrypt20` package and not the `libgcrypt20` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\ncipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.\n## Remediation\nThere is no fixed version for `Debian:12` `libgcrypt20`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-6829](https://security-tracker.debian.org/tracker/CVE-2018-6829)\n- [https://github.com/weikengchen/attack-on-libgcrypt-elgamal](https://github.com/weikengchen/attack-on-libgcrypt-elgamal)\n- [https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki](https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki)\n- [https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html](https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html)\n- [https://www.oracle.com/security-alerts/cpujan2020.html](https://www.oracle.com/security-alerts/cpujan2020.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-327",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBGCRYPT20-6405981",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in libgcrypt20"
              },
              "fullDescription": {
                "text": "(CVE-2024-2236) libgcrypt20@1.10.1-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libgcrypt20` package and not the `libgcrypt20` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.\n## Remediation\nThere is no fixed version for `Debian:12` `libgcrypt20`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-2236](https://security-tracker.debian.org/tracker/CVE-2024-2236)\n- [https://access.redhat.com/security/cve/CVE-2024-2236](https://access.redhat.com/security/cve/CVE-2024-2236)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2268268](https://bugzilla.redhat.com/show_bug.cgi?id=2268268)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2245218](https://bugzilla.redhat.com/show_bug.cgi?id=2245218)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-208",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBHEIF-5498469",
              "shortDescription": {
                "text": "Medium severity - Divide By Zero vulnerability in libheif"
              },
              "fullDescription": {
                "text": "(CVE-2023-29659) libheif/libheif1@1.15.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libheif` package and not the `libheif` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.\n## Remediation\nUpgrade `Debian:12` `libheif` to version 1.15.1-1+deb12u1 or higher.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-29659](https://security-tracker.debian.org/tracker/CVE-2023-29659)\n- [https://github.com/strukturag/libheif/issues/794](https://github.com/strukturag/libheif/issues/794)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-369",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBHEIF-6105360",
              "shortDescription": {
                "text": "High severity - CVE-2023-49462 vulnerability in libheif"
              },
              "fullDescription": {
                "text": "(CVE-2023-49462) libheif/libheif1@1.15.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libheif` package and not the `libheif` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.\n## Remediation\nUpgrade `Debian:12` `libheif` to version 1.15.1-1+deb12u1 or higher.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-49462](https://security-tracker.debian.org/tracker/CVE-2023-49462)\n- [https://github.com/strukturag/libheif/issues/1043](https://github.com/strukturag/libheif/issues/1043)\n"
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBHEIF-6105378",
              "shortDescription": {
                "text": "Low severity - CVE-2023-49463 vulnerability in libheif"
              },
              "fullDescription": {
                "text": "(CVE-2023-49463) libheif/libheif1@1.15.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libheif` package and not the `libheif` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.\n## Remediation\nThere is no fixed version for `Debian:12` `libheif`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-49463](https://security-tracker.debian.org/tracker/CVE-2023-49463)\n- [https://github.com/strukturag/libheif](https://github.com/strukturag/libheif)\n- [https://github.com/strukturag/libheif/issues/1042](https://github.com/strukturag/libheif/issues/1042)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBHEIF-6371532",
              "shortDescription": {
                "text": "Low severity - CVE-2024-25269 vulnerability in libheif"
              },
              "fullDescription": {
                "text": "(CVE-2024-25269) libheif/libheif1@1.15.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libheif` package and not the `libheif` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.\n## Remediation\nThere is no fixed version for `Debian:12` `libheif`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-25269](https://security-tracker.debian.org/tracker/CVE-2024-25269)\n- [https://github.com/strukturag/libheif/issues/1073](https://github.com/strukturag/libheif/issues/1073)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBHEIF-8224949",
              "shortDescription": {
                "text": "Low severity - CVE-2024-41311 vulnerability in libheif"
              },
              "fullDescription": {
                "text": "(CVE-2024-41311) libheif/libheif1@1.15.1-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libheif` package and not the `libheif` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.\n## Remediation\nUpgrade `Debian:12` `libheif` to version 1.15.1-1+deb12u1 or higher.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-41311](https://security-tracker.debian.org/tracker/CVE-2024-41311)\n- [https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0](https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0)\n- [https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36](https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36)\n- [https://github.com/strukturag/libheif/issues/1226](https://github.com/strukturag/libheif/issues/1226)\n- [https://github.com/strukturag/libheif/pull/1227](https://github.com/strukturag/libheif/pull/1227)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBPNG16-2363910",
              "shortDescription": {
                "text": "Low severity - Buffer Overflow vulnerability in libpng1.6"
              },
              "fullDescription": {
                "text": "(CVE-2021-4214) libpng1.6/libpng-dev@1.6.39-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libpng1.6` package and not the `libpng1.6` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.\n## Remediation\nThere is no fixed version for `Debian:12` `libpng1.6`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-4214](https://security-tracker.debian.org/tracker/CVE-2021-4214)\n- [https://access.redhat.com/security/cve/CVE-2021-4214](https://access.redhat.com/security/cve/CVE-2021-4214)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2043393](https://bugzilla.redhat.com/show_bug.cgi?id=2043393)\n- [https://github.com/glennrp/libpng/issues/302](https://github.com/glennrp/libpng/issues/302)\n- [https://security.netapp.com/advisory/ntap-20221020-0001/](https://security.netapp.com/advisory/ntap-20221020-0001/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-120",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBWMF-1551191",
              "shortDescription": {
                "text": "Low severity - Resource Management Errors vulnerability in libwmf"
              },
              "fullDescription": {
                "text": "(CVE-2007-3477) libwmf/libwmflite-0.2-7@0.2.12-5.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libwmf` package and not the `libwmf` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.\n## Remediation\nThere is no fixed version for `Debian:12` `libwmf`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2007-3477](https://security-tracker.debian.org/tracker/CVE-2007-3477)\n- [http://www.securityfocus.com/archive/1/478796/100/0/threaded](http://www.securityfocus.com/archive/1/478796/100/0/threaded)\n- [ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz](ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz)\n- [http://bugs.libgd.org/?do=details&task_id=74](http://bugs.libgd.org/?do=details&task_id=74)\n- [http://bugs.libgd.org/?do=details&task_id=92](http://bugs.libgd.org/?do=details&task_id=92)\n- [https://issues.rpath.com/browse/RPL-1643](https://issues.rpath.com/browse/RPL-1643)\n- [http://www.debian.org/security/2008/dsa-1613](http://www.debian.org/security/2008/dsa-1613)\n- [http://fedoranews.org/updates/FEDORA-2007-205.shtml](http://fedoranews.org/updates/FEDORA-2007-205.shtml)\n- [http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html](http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html)\n- [http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html](http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html)\n- [http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html](http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html)\n- [http://security.gentoo.org/glsa/glsa-200708-05.xml](http://security.gentoo.org/glsa/glsa-200708-05.xml)\n- [http://security.gentoo.org/glsa/glsa-200711-34.xml](http://security.gentoo.org/glsa/glsa-200711-34.xml)\n- [http://security.gentoo.org/glsa/glsa-200805-13.xml](http://security.gentoo.org/glsa/glsa-200805-13.xml)\n- [http://www.libgd.org/ReleaseNote020035](http://www.libgd.org/ReleaseNote020035)\n- [http://osvdb.org/42062](http://osvdb.org/42062)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=277421](https://bugzilla.redhat.com/show_bug.cgi?id=277421)\n- [http://secunia.com/advisories/25860](http://secunia.com/advisories/25860)\n- [http://secunia.com/advisories/26272](http://secunia.com/advisories/26272)\n- [http://secunia.com/advisories/26390](http://secunia.com/advisories/26390)\n- [http://secunia.com/advisories/26415](http://secunia.com/advisories/26415)\n- [http://secunia.com/advisories/26467](http://secunia.com/advisories/26467)\n- [http://secunia.com/advisories/26663](http://secunia.com/advisories/26663)\n- [http://secunia.com/advisories/26766](http://secunia.com/advisories/26766)\n- [http://secunia.com/advisories/26856](http://secunia.com/advisories/26856)\n- [http://secunia.com/advisories/30168](http://secunia.com/advisories/30168)\n- [http://secunia.com/advisories/31168](http://secunia.com/advisories/31168)\n- [http://secunia.com/advisories/42813](http://secunia.com/advisories/42813)\n- [http://www.securityfocus.com/bid/24651](http://www.securityfocus.com/bid/24651)\n- [http://www.novell.com/linux/security/advisories/2007_15_sr.html](http://www.novell.com/linux/security/advisories/2007_15_sr.html)\n- [http://www.trustix.org/errata/2007/0024/](http://www.trustix.org/errata/2007/0024/)\n- [http://www.vupen.com/english/advisories/2011/0022](http://www.vupen.com/english/advisories/2011/0022)\n- [http://www.mandriva.com/security/advisories?name=MDKSA-2007:153](http://www.mandriva.com/security/advisories?name=MDKSA-2007:153)\n- [http://www.mandriva.com/security/advisories?name=MDKSA-2007:164](http://www.mandriva.com/security/advisories?name=MDKSA-2007:164)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-399",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBWMF-1551196",
              "shortDescription": {
                "text": "Low severity - Numeric Errors vulnerability in libwmf"
              },
              "fullDescription": {
                "text": "(CVE-2007-3996) libwmf/libwmflite-0.2-7@0.2.12-5.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libwmf` package and not the `libwmf` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nMultiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.\n## Remediation\nThere is no fixed version for `Debian:12` `libwmf`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2007-3996](https://security-tracker.debian.org/tracker/CVE-2007-3996)\n- [http://www.debian.org/security/2008/dsa-1613](http://www.debian.org/security/2008/dsa-1613)\n- [http://security.gentoo.org/glsa/glsa-200712-13.xml](http://security.gentoo.org/glsa/glsa-200712-13.xml)\n- [http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml](http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml)\n- [http://bugs.gentoo.org/show_bug.cgi?id=201546](http://bugs.gentoo.org/show_bug.cgi?id=201546)\n- [http://securityreason.com/securityalert/3103](http://securityreason.com/securityalert/3103)\n- [http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/](http://secweb.se/en/advisories/php-imagecopyresized-integer-overflow/)\n- [http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/](http://secweb.se/en/advisories/php-imagecreatetruecolor-integer-overflow/)\n- [https://issues.rpath.com/browse/RPL-1693](https://issues.rpath.com/browse/RPL-1693)\n- [https://issues.rpath.com/browse/RPL-1702](https://issues.rpath.com/browse/RPL-1702)\n- [http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm](http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm)\n- [https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html](https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html)\n- [http://www.php.net/ChangeLog-5.php#5.2.4](http://www.php.net/ChangeLog-5.php#5.2.4)\n- [http://www.php.net/releases/5_2_4.php](http://www.php.net/releases/5_2_4.php)\n- [http://www.trustix.org/errata/2007/0026/](http://www.trustix.org/errata/2007/0026/)\n- [http://www.vupen.com/english/advisories/2007/3023](http://www.vupen.com/english/advisories/2007/3023)\n- [http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html](http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html)\n- [https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11147](https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11147)\n- [http://rhn.redhat.com/errata/RHSA-2007-0889.html](http://rhn.redhat.com/errata/RHSA-2007-0889.html)\n- [http://secunia.com/advisories/26642](http://secunia.com/advisories/26642)\n- [http://secunia.com/advisories/26822](http://secunia.com/advisories/26822)\n- [http://secunia.com/advisories/26838](http://secunia.com/advisories/26838)\n- [http://secunia.com/advisories/26871](http://secunia.com/advisories/26871)\n- [http://secunia.com/advisories/26895](http://secunia.com/advisories/26895)\n- [http://secunia.com/advisories/26930](http://secunia.com/advisories/26930)\n- [http://secunia.com/advisories/26967](http://secunia.com/advisories/26967)\n- [http://secunia.com/advisories/27102](http://secunia.com/advisories/27102)\n- [http://secunia.com/advisories/27351](http://secunia.com/advisories/27351)\n- [http://secunia.com/advisories/27377](http://secunia.com/advisories/27377)\n- [http://secunia.com/advisories/27545](http://secunia.com/advisories/27545)\n- [http://secunia.com/advisories/28009](http://secunia.com/advisories/28009)\n- [http://secunia.com/advisories/28147](http://secunia.com/advisories/28147)\n- [http://secunia.com/advisories/28658](http://secunia.com/advisories/28658)\n- [http://secunia.com/advisories/31168](http://secunia.com/advisories/31168)\n- [http://www.ubuntu.com/usn/usn-557-1](http://www.ubuntu.com/usn/usn-557-1)\n- [https://exchange.xforce.ibmcloud.com/vulnerabilities/36382](https://exchange.xforce.ibmcloud.com/vulnerabilities/36382)\n- [https://exchange.xforce.ibmcloud.com/vulnerabilities/36383](https://exchange.xforce.ibmcloud.com/vulnerabilities/36383)\n- [http://www.mandriva.com/security/advisories?name=MDKSA-2007:187](http://www.mandriva.com/security/advisories?name=MDKSA-2007:187)\n- [http://www.redhat.com/support/errata/RHSA-2007-0888.html](http://www.redhat.com/support/errata/RHSA-2007-0888.html)\n- [http://www.redhat.com/support/errata/RHSA-2007-0890.html](http://www.redhat.com/support/errata/RHSA-2007-0890.html)\n- [http://www.redhat.com/support/errata/RHSA-2007-0891.html](http://www.redhat.com/support/errata/RHSA-2007-0891.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-189",
                  "deb"
                ],
                "cvssv3_baseScore": 6.3,
                "security-severity": "6.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBWMF-1551197",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in libwmf"
              },
              "fullDescription": {
                "text": "(CVE-2009-3546) libwmf/libwmflite-0.2-7@0.2.12-5.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libwmf` package and not the `libwmf` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.\n## Remediation\nThere is no fixed version for `Debian:12` `libwmf`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2009-3546](https://security-tracker.debian.org/tracker/CVE-2009-3546)\n- [http://marc.info/?l=oss-security&m=125562113503923&w=2](http://marc.info/?l=oss-security&m=125562113503923&w=2)\n- [http://svn.php.net/viewvc?view=revision&revision=289557](http://svn.php.net/viewvc?view=revision&revision=289557)\n- [http://www.vupen.com/english/advisories/2009/2929](http://www.vupen.com/english/advisories/2009/2929)\n- [http://www.vupen.com/english/advisories/2009/2930](http://www.vupen.com/english/advisories/2009/2930)\n- [http://www.openwall.com/lists/oss-security/2009/11/20/5](http://www.openwall.com/lists/oss-security/2009/11/20/5)\n- [https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199](https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11199)\n- [http://secunia.com/advisories/37069](http://secunia.com/advisories/37069)\n- [http://secunia.com/advisories/37080](http://secunia.com/advisories/37080)\n- [http://secunia.com/advisories/38055](http://secunia.com/advisories/38055)\n- [http://www.securityfocus.com/bid/36712](http://www.securityfocus.com/bid/36712)\n- [https://access.redhat.com/errata/RHSA-2010:0003](https://access.redhat.com/errata/RHSA-2010:0003)\n- [https://access.redhat.com/errata/RHSA-2010:0040](https://access.redhat.com/errata/RHSA-2010:0040)\n- [https://access.redhat.com/security/cve/CVE-2009-3546](https://access.redhat.com/security/cve/CVE-2009-3546)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=529213](https://bugzilla.redhat.com/show_bug.cgi?id=529213)\n- [http://www.mandriva.com/security/advisories?name=MDVSA-2009:285](http://www.mandriva.com/security/advisories?name=MDVSA-2009:285)\n- [http://www.redhat.com/support/errata/RHSA-2010-0003.html](http://www.redhat.com/support/errata/RHSA-2010-0003.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBWMF-1551447",
              "shortDescription": {
                "text": "Low severity - Numeric Errors vulnerability in libwmf"
              },
              "fullDescription": {
                "text": "(CVE-2007-3476) libwmf/libwmflite-0.2-7@0.2.12-5.1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libwmf` package and not the `libwmf` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nArray index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.\n## Remediation\nThere is no fixed version for `Debian:12` `libwmf`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2007-3476](https://security-tracker.debian.org/tracker/CVE-2007-3476)\n- [http://www.securityfocus.com/archive/1/478796/100/0/threaded](http://www.securityfocus.com/archive/1/478796/100/0/threaded)\n- [ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz](ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/gd-2.0.35-i486-1_slack11.0.tgz)\n- [http://bugs.libgd.org/?do=details&task_id=87](http://bugs.libgd.org/?do=details&task_id=87)\n- [https://issues.rpath.com/browse/RPL-1643](https://issues.rpath.com/browse/RPL-1643)\n- [http://www.debian.org/security/2008/dsa-1613](http://www.debian.org/security/2008/dsa-1613)\n- [http://fedoranews.org/updates/FEDORA-2007-205.shtml](http://fedoranews.org/updates/FEDORA-2007-205.shtml)\n- [http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html](http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00311.html)\n- [http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html](http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html)\n- [http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html](http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html)\n- [http://security.gentoo.org/glsa/glsa-200708-05.xml](http://security.gentoo.org/glsa/glsa-200708-05.xml)\n- [http://security.gentoo.org/glsa/glsa-200711-34.xml](http://security.gentoo.org/glsa/glsa-200711-34.xml)\n- [http://security.gentoo.org/glsa/glsa-200805-13.xml](http://security.gentoo.org/glsa/glsa-200805-13.xml)\n- [http://www.libgd.org/ReleaseNote020035](http://www.libgd.org/ReleaseNote020035)\n- [http://osvdb.org/37741](http://osvdb.org/37741)\n- [https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348](https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10348)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=277421](https://bugzilla.redhat.com/show_bug.cgi?id=277421)\n- [http://secunia.com/advisories/25860](http://secunia.com/advisories/25860)\n- [http://secunia.com/advisories/26272](http://secunia.com/advisories/26272)\n- [http://secunia.com/advisories/26390](http://secunia.com/advisories/26390)\n- [http://secunia.com/advisories/26415](http://secunia.com/advisories/26415)\n- [http://secunia.com/advisories/26467](http://secunia.com/advisories/26467)\n- [http://secunia.com/advisories/26663](http://secunia.com/advisories/26663)\n- [http://secunia.com/advisories/26766](http://secunia.com/advisories/26766)\n- [http://secunia.com/advisories/26856](http://secunia.com/advisories/26856)\n- [http://secunia.com/advisories/29157](http://secunia.com/advisories/29157)\n- [http://secunia.com/advisories/30168](http://secunia.com/advisories/30168)\n- [http://secunia.com/advisories/31168](http://secunia.com/advisories/31168)\n- [http://secunia.com/advisories/42813](http://secunia.com/advisories/42813)\n- [http://www.securityfocus.com/bid/24651](http://www.securityfocus.com/bid/24651)\n- [http://www.novell.com/linux/security/advisories/2007_15_sr.html](http://www.novell.com/linux/security/advisories/2007_15_sr.html)\n- [http://www.trustix.org/errata/2007/0024/](http://www.trustix.org/errata/2007/0024/)\n- [http://www.vupen.com/english/advisories/2011/0022](http://www.vupen.com/english/advisories/2011/0022)\n- [http://www.mandriva.com/security/advisories?name=MDKSA-2007:153](http://www.mandriva.com/security/advisories?name=MDKSA-2007:153)\n- [http://www.mandriva.com/security/advisories?name=MDKSA-2007:164](http://www.mandriva.com/security/advisories?name=MDKSA-2007:164)\n- [http://www.redhat.com/support/errata/RHSA-2008-0146.html](http://www.redhat.com/support/errata/RHSA-2008-0146.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-189",
                  "deb"
                ],
                "cvssv3_baseScore": 4.3,
                "security-severity": "4.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBXML2-5871333",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in libxml2"
              },
              "fullDescription": {
                "text": "(CVE-2023-39615) libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libxml2` package and not the `libxml2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nXmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.\n## Remediation\nThere is no fixed version for `Debian:12` `libxml2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-39615](https://security-tracker.debian.org/tracker/CVE-2023-39615)\n- [https://gitlab.gnome.org/GNOME/libxml2/-/issues/535](https://gitlab.gnome.org/GNOME/libxml2/-/issues/535)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBXML2-5947663",
              "shortDescription": {
                "text": "Low severity - Use After Free vulnerability in libxml2"
              },
              "fullDescription": {
                "text": "(CVE-2023-45322) libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libxml2` package and not the `libxml2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."\n## Remediation\nThere is no fixed version for `Debian:12` `libxml2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-45322](https://security-tracker.debian.org/tracker/CVE-2023-45322)\n- [http://www.openwall.com/lists/oss-security/2023/10/06/5](http://www.openwall.com/lists/oss-security/2023/10/06/5)\n- [https://gitlab.gnome.org/GNOME/libxml2/-/issues/344](https://gitlab.gnome.org/GNOME/libxml2/-/issues/344)\n- [https://gitlab.gnome.org/GNOME/libxml2/-/issues/583](https://gitlab.gnome.org/GNOME/libxml2/-/issues/583)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-416",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBXML2-6227803",
              "shortDescription": {
                "text": "Low severity - Use After Free vulnerability in libxml2"
              },
              "fullDescription": {
                "text": "(CVE-2024-25062) libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libxml2` package and not the `libxml2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.\n## Remediation\nThere is no fixed version for `Debian:12` `libxml2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-25062](https://security-tracker.debian.org/tracker/CVE-2024-25062)\n- [https://gitlab.gnome.org/GNOME/libxml2/-/issues/604](https://gitlab.gnome.org/GNOME/libxml2/-/issues/604)\n- [https://gitlab.gnome.org/GNOME/libxml2/-/tags](https://gitlab.gnome.org/GNOME/libxml2/-/tags)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-416",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBXML2-6839382",
              "shortDescription": {
                "text": "Low severity - CVE-2024-34459 vulnerability in libxml2"
              },
              "fullDescription": {
                "text": "(CVE-2024-34459) libxml2/libxml2-dev@2.9.14+dfsg-1.3~deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libxml2` package and not the `libxml2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.\n## Remediation\nThere is no fixed version for `Debian:12` `libxml2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-34459](https://security-tracker.debian.org/tracker/CVE-2024-34459)\n- [https://gitlab.gnome.org/GNOME/libxml2/-/issues/720](https://gitlab.gnome.org/GNOME/libxml2/-/issues/720)\n- [https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8)\n- [https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-LIBXSLT-1551290",
              "shortDescription": {
                "text": "Low severity - Use of Insufficiently Random Values vulnerability in libxslt"
              },
              "fullDescription": {
                "text": "(CVE-2015-9019) libxslt/libxslt1.1@1.1.35-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `libxslt` package and not the `libxslt` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.\n## Remediation\nThere is no fixed version for `Debian:12` `libxslt`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2015-9019](https://security-tracker.debian.org/tracker/CVE-2015-9019)\n- [https://bugzilla.gnome.org/show_bug.cgi?id=758400](https://bugzilla.gnome.org/show_bug.cgi?id=758400)\n- [https://bugzilla.suse.com/show_bug.cgi?id=934119](https://bugzilla.suse.com/show_bug.cgi?id=934119)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-9019](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-9019)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-330",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-M4-1553360",
              "shortDescription": {
                "text": "Low severity - CVE-2008-1688 vulnerability in m4"
              },
              "fullDescription": {
                "text": "(CVE-2008-1688) m4@1.4.19-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `m4` package and not the `m4` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nUnspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option.  NOTE: it is not clear when this issue crosses privilege boundaries.\n## Remediation\nThere is no fixed version for `Debian:12` `m4`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2008-1688](https://security-tracker.debian.org/tracker/CVE-2008-1688)\n- [http://osvdb.org/44272](http://osvdb.org/44272)\n- [http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612](http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612)\n- [http://www.vupen.com/english/advisories/2008/1151/references](http://www.vupen.com/english/advisories/2008/1151/references)\n- [http://xforce.iss.net/xforce/xfdb/41704](http://xforce.iss.net/xforce/xfdb/41704)\n- [http://www.openwall.com/lists/oss-security/2008/04/07/1](http://www.openwall.com/lists/oss-security/2008/04/07/1)\n- [http://www.openwall.com/lists/oss-security/2008/04/07/3](http://www.openwall.com/lists/oss-security/2008/04/07/3)\n- [http://secunia.com/advisories/29671](http://secunia.com/advisories/29671)\n- [http://secunia.com/advisories/29729](http://secunia.com/advisories/29729)\n- [http://www.securityfocus.com/bid/28688](http://www.securityfocus.com/bid/28688)\n- [https://exchange.xforce.ibmcloud.com/vulnerabilities/41704](https://exchange.xforce.ibmcloud.com/vulnerabilities/41704)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 7.3,
                "security-severity": "7.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-M4-1553473",
              "shortDescription": {
                "text": "Low severity - CVE-2008-1687 vulnerability in m4"
              },
              "fullDescription": {
                "text": "(CVE-2008-1687) m4@1.4.19-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `m4` package and not the `m4` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.\n## Remediation\nThere is no fixed version for `Debian:12` `m4`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2008-1687](https://security-tracker.debian.org/tracker/CVE-2008-1687)\n- [http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612](http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612)\n- [http://www.vupen.com/english/advisories/2008/1151/references](http://www.vupen.com/english/advisories/2008/1151/references)\n- [http://xforce.iss.net/xforce/xfdb/41706](http://xforce.iss.net/xforce/xfdb/41706)\n- [http://www.openwall.com/lists/oss-security/2008/04/07/1](http://www.openwall.com/lists/oss-security/2008/04/07/1)\n- [http://www.openwall.com/lists/oss-security/2008/04/07/12](http://www.openwall.com/lists/oss-security/2008/04/07/12)\n- [http://www.openwall.com/lists/oss-security/2008/04/07/3](http://www.openwall.com/lists/oss-security/2008/04/07/3)\n- [http://www.openwall.com/lists/oss-security/2008/04/07/4](http://www.openwall.com/lists/oss-security/2008/04/07/4)\n- [http://secunia.com/advisories/29671](http://secunia.com/advisories/29671)\n- [http://secunia.com/advisories/29729](http://secunia.com/advisories/29729)\n- [http://www.securityfocus.com/bid/28688](http://www.securityfocus.com/bid/28688)\n- [https://exchange.xforce.ibmcloud.com/vulnerabilities/41706](https://exchange.xforce.ibmcloud.com/vulnerabilities/41706)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 7.3,
                "security-severity": "7.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-MARIADB-6913415",
              "shortDescription": {
                "text": "Low severity - CVE-2024-21096 vulnerability in mariadb"
              },
              "fullDescription": {
                "text": "(CVE-2024-21096) mariadb/mariadb-common@1:10.11.6-0+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `mariadb` package and not the `mariadb` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump).  Supported versions that are affected are 8.0.36 and prior and  8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of MySQL Server accessible data as well as  unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).\n## Remediation\nThere is no fixed version for `Debian:12` `mariadb`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-21096](https://security-tracker.debian.org/tracker/CVE-2024-21096)\n- [https://www.oracle.com/security-alerts/cpuapr2024.html](https://www.oracle.com/security-alerts/cpuapr2024.html)\n- [https://security.netapp.com/advisory/ntap-20240426-0013/](https://security.netapp.com/advisory/ntap-20240426-0013/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFYBDWDBE4YICSV34LJZGYRVSG6QIRKE/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFYBDWDBE4YICSV34LJZGYRVSG6QIRKE/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKWVBZ6DBRFMLDXTHJUZ6LU7MJ5RTNA7/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKWVBZ6DBRFMLDXTHJUZ6LU7MJ5RTNA7/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 4.9,
                "security-severity": "4.9"
              }
            },
            {
              "id": "SNYK-DEBIAN12-NCURSES-6123823",
              "shortDescription": {
                "text": "Low severity - CVE-2023-50495 vulnerability in ncurses"
              },
              "fullDescription": {
                "text": "(CVE-2023-50495) ncurses/libncursesw6@6.4-4"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `ncurses` package and not the `ncurses` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nNCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().\n## Remediation\nThere is no fixed version for `Debian:12` `ncurses`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-50495](https://security-tracker.debian.org/tracker/CVE-2023-50495)\n- [https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html](https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html)\n- [https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html](https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html)\n- [https://security.netapp.com/advisory/ntap-20240119-0008/](https://security.netapp.com/advisory/ntap-20240119-0008/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-NCURSES-6252773",
              "shortDescription": {
                "text": "Low severity - CVE-2023-45918 vulnerability in ncurses"
              },
              "fullDescription": {
                "text": "(CVE-2023-45918) ncurses/libncursesw6@6.4-4"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `ncurses` package and not the `ncurses` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. NOTE: Multiple third parties have disputed this indicating upstream does not regard it as a security issue.\n## Remediation\nThere is no fixed version for `Debian:12` `ncurses`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-45918](https://security-tracker.debian.org/tracker/CVE-2023-45918)\n- [https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html](https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html)\n- [https://security.netapp.com/advisory/ntap-20240315-0006/](https://security.netapp.com/advisory/ntap-20240315-0006/)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2300290#c1](https://bugzilla.redhat.com/show_bug.cgi?id=2300290#c1)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-NGHTTP2-6541749",
              "shortDescription": {
                "text": "Low severity - CVE-2024-28182 vulnerability in nghttp2"
              },
              "fullDescription": {
                "text": "(CVE-2024-28182) nghttp2/libnghttp2-14@1.52.0-1+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `nghttp2` package and not the `nghttp2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nnghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync.  This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.\n## Remediation\nThere is no fixed version for `Debian:12` `nghttp2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-28182](https://security-tracker.debian.org/tracker/CVE-2024-28182)\n- [https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0](https://github.com/nghttp2/nghttp2/commit/00201ecd8f982da3b67d4f6868af72a1b03b14e0)\n- [https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9](https://github.com/nghttp2/nghttp2/commit/d71a4668c6bead55805d18810d633fbb98315af9)\n- [https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q](https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGOME6ZXJG7664IPQNVE3DL67E3YP3HY/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J6ZMXUGB66VAXDW5J6QSTHM5ET25FGSA/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXJO2EASHM2OQQLGVDY5ZSO7UVDVHTDK/)\n- [https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html](https://lists.debian.org/debian-lts-announce/2024/04/msg00026.html)\n- [http://www.openwall.com/lists/oss-security/2024/04/03/16](http://www.openwall.com/lists/oss-security/2024/04/03/16)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENEXR-1555478",
              "shortDescription": {
                "text": "Low severity - Resource Exhaustion vulnerability in openexr"
              },
              "fullDescription": {
                "text": "(CVE-2017-14988) openexr/libopenexr-3-1-30@3.1.5-5"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openexr` package and not the `openexr` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nHeader::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid\n## Remediation\nThere is no fixed version for `Debian:12` `openexr`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-14988](https://security-tracker.debian.org/tracker/CVE-2017-14988)\n- [https://github.com/openexr/openexr/issues/248](https://github.com/openexr/openexr/issues/248)\n- [http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html](http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00063.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-400",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENEXR-6227429",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in openexr"
              },
              "fullDescription": {
                "text": "(CVE-2023-5841) openexr/libopenexr-3-1-30@3.1.5-5"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openexr` package and not the `openexr` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nDue to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions v3.2.2 and v3.1.12 of the affected library.\n\n## Remediation\nThere is no fixed version for `Debian:12` `openexr`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-5841](https://security-tracker.debian.org/tracker/CVE-2023-5841)\n- [https://takeonme.org/cves/CVE-2023-5841.html](https://takeonme.org/cves/CVE-2023-5841.html)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSB6DB5LAKGPLRXEF5HDNGUMT7GIFT2C/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMINVKQLSUHECXBSQMZFCSDRIHFOJJI/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 9.1,
                "security-severity": "9.1"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENEXR-6594465",
              "shortDescription": {
                "text": "Low severity - CVE-2024-31047 vulnerability in openexr"
              },
              "fullDescription": {
                "text": "(CVE-2024-31047) openexr/libopenexr-3-1-30@3.1.5-5"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openexr` package and not the `openexr` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.\n## Remediation\nThere is no fixed version for `Debian:12` `openexr`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-31047](https://security-tracker.debian.org/tracker/CVE-2024-31047)\n- [https://github.com/AcademySoftwareFoundation/openexr/issues/1680](https://github.com/AcademySoftwareFoundation/openexr/issues/1680)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555599",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-9114) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThere is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-9114](https://security-tracker.debian.org/tracker/CVE-2016-9114)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/uclouvain/openjpeg/issues/857](https://github.com/uclouvain/openjpeg/issues/857)\n- [http://www.securityfocus.com/bid/93979](http://www.securityfocus.com/bid/93979)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9114](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9114)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555605",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-9116) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nNULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-9116](https://security-tracker.debian.org/tracker/CVE-2016-9116)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/uclouvain/openjpeg/issues/859](https://github.com/uclouvain/openjpeg/issues/859)\n- [http://www.securityfocus.com/bid/93975](http://www.securityfocus.com/bid/93975)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9116](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9116)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555606",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2018-16375) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-16375](https://security-tracker.debian.org/tracker/CVE-2018-16375)\n- [https://github.com/uclouvain/openjpeg/issues/1126](https://github.com/uclouvain/openjpeg/issues/1126)\n- [http://www.securityfocus.com/bid/105266](http://www.securityfocus.com/bid/105266)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16375](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16375)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555618",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2017-17479) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-17479](https://security-tracker.debian.org/tracker/CVE-2017-17479)\n- [https://github.com/uclouvain/openjpeg/issues/1044](https://github.com/uclouvain/openjpeg/issues/1044)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17479](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17479)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555638",
              "shortDescription": {
                "text": "Low severity - Improper Input Validation vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2018-20846) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nOut-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-20846](https://security-tracker.debian.org/tracker/CVE-2018-20846)\n- [https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc](https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc)\n- [http://www.securityfocus.com/bid/108921](http://www.securityfocus.com/bid/108921)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20846](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20846)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-20",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555659",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-10505) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nNULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-10505](https://security-tracker.debian.org/tracker/CVE-2016-10505)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/uclouvain/openjpeg/issues/776](https://github.com/uclouvain/openjpeg/issues/776)\n- [https://github.com/uclouvain/openjpeg/issues/784](https://github.com/uclouvain/openjpeg/issues/784)\n- [https://github.com/uclouvain/openjpeg/issues/785](https://github.com/uclouvain/openjpeg/issues/785)\n- [https://github.com/uclouvain/openjpeg/issues/792](https://github.com/uclouvain/openjpeg/issues/792)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555684",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-9581) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-9581](https://security-tracker.debian.org/tracker/CVE-2016-9581)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9581)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255](https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255)\n- [https://github.com/uclouvain/openjpeg/issues/872](https://github.com/uclouvain/openjpeg/issues/872)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9581)\n- [http://www.securityfocus.com/bid/94822](http://www.securityfocus.com/bid/94822)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "CWE-122",
                  "CWE-835",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555859",
              "shortDescription": {
                "text": "Low severity - Divide By Zero vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-10506) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nDivision-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-10506](https://security-tracker.debian.org/tracker/CVE-2016-10506)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b](https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b)\n- [https://github.com/uclouvain/openjpeg/issues/731](https://github.com/uclouvain/openjpeg/issues/731)\n- [https://github.com/uclouvain/openjpeg/issues/732](https://github.com/uclouvain/openjpeg/issues/732)\n- [https://github.com/uclouvain/openjpeg/issues/777](https://github.com/uclouvain/openjpeg/issues/777)\n- [https://github.com/uclouvain/openjpeg/issues/778](https://github.com/uclouvain/openjpeg/issues/778)\n- [https://github.com/uclouvain/openjpeg/issues/779](https://github.com/uclouvain/openjpeg/issues/779)\n- [https://github.com/uclouvain/openjpeg/issues/780](https://github.com/uclouvain/openjpeg/issues/780)\n- [http://www.securityfocus.com/bid/100573](http://www.securityfocus.com/bid/100573)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10506](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10506)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-369",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555862",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-9117) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nNULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-9117](https://security-tracker.debian.org/tracker/CVE-2016-9117)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/uclouvain/openjpeg/issues/860](https://github.com/uclouvain/openjpeg/issues/860)\n- [http://www.securityfocus.com/bid/93783](http://www.securityfocus.com/bid/93783)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9117](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9117)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555866",
              "shortDescription": {
                "text": "Low severity - Integer Overflow or Wraparound vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-9580) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-9580](https://security-tracker.debian.org/tracker/CVE-2016-9580)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9580)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255](https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255)\n- [https://github.com/uclouvain/openjpeg/issues/871](https://github.com/uclouvain/openjpeg/issues/871)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9580)\n- [http://www.securityfocus.com/bid/94822](http://www.securityfocus.com/bid/94822)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-190",
                  "CWE-122",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555892",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2018-16376) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-16376](https://security-tracker.debian.org/tracker/CVE-2018-16376)\n- [https://github.com/uclouvain/openjpeg/issues/1127](https://github.com/uclouvain/openjpeg/issues/1127)\n- [http://www.securityfocus.com/bid/105262](http://www.securityfocus.com/bid/105262)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16376](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-16376)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555911",
              "shortDescription": {
                "text": "Low severity - Allocation of Resources Without Limits or Throttling vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2019-6988) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-6988](https://security-tracker.debian.org/tracker/CVE-2019-6988)\n- [https://github.com/uclouvain/openjpeg/issues/1178](https://github.com/uclouvain/openjpeg/issues/1178)\n- [http://www.securityfocus.com/bid/106785](http://www.securityfocus.com/bid/106785)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6988](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6988)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-770",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1555936",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2021-3575) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-3575](https://security-tracker.debian.org/tracker/CVE-2021-3575)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/)\n- [https://access.redhat.com/errata/RHSA-2021:4251](https://access.redhat.com/errata/RHSA-2021:4251)\n- [https://access.redhat.com/security/cve/CVE-2021-3575](https://access.redhat.com/security/cve/CVE-2021-3575)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=1957616](https://bugzilla.redhat.com/show_bug.cgi?id=1957616)\n- [https://github.com/uclouvain/openjpeg/issues/1347](https://github.com/uclouvain/openjpeg/issues/1347)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/)\n- [https://ubuntu.com/security/CVE-2021-3575](https://ubuntu.com/security/CVE-2021-3575)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 7.8,
                "security-severity": "7.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1556010",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-9115) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nHeap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-9115](https://security-tracker.debian.org/tracker/CVE-2016-9115)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/uclouvain/openjpeg/issues/858](https://github.com/uclouvain/openjpeg/issues/858)\n- [http://www.securityfocus.com/bid/93977](http://www.securityfocus.com/bid/93977)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9115](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9115)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-1556013",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2016-9113) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThere is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-9113](https://security-tracker.debian.org/tracker/CVE-2016-9113)\n- [https://security.gentoo.org/glsa/201710-26](https://security.gentoo.org/glsa/201710-26)\n- [https://github.com/uclouvain/openjpeg/issues/856](https://github.com/uclouvain/openjpeg/issues/856)\n- [http://www.securityfocus.com/bid/93980](http://www.securityfocus.com/bid/93980)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9113](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9113)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-7427598",
              "shortDescription": {
                "text": "Low severity - Resource Exhaustion vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2023-39327) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-39327](https://security-tracker.debian.org/tracker/CVE-2023-39327)\n- [https://access.redhat.com/security/cve/CVE-2023-39327](https://access.redhat.com/security/cve/CVE-2023-39327)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2295812](https://bugzilla.redhat.com/show_bug.cgi?id=2295812)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-400",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-7427599",
              "shortDescription": {
                "text": "Low severity - Resource Exhaustion vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2023-39329) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-39329](https://security-tracker.debian.org/tracker/CVE-2023-39329)\n- [https://access.redhat.com/security/cve/CVE-2023-39329](https://access.redhat.com/security/cve/CVE-2023-39329)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2295816](https://bugzilla.redhat.com/show_bug.cgi?id=2295816)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-400",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENJPEG2-7428269",
              "shortDescription": {
                "text": "Low severity - Resource Exhaustion vulnerability in openjpeg2"
              },
              "fullDescription": {
                "text": "(CVE-2023-39328) openjpeg2/libopenjp2-7@2.5.0-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openjpeg2` package and not the `openjpeg2` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.\n## Remediation\nThere is no fixed version for `Debian:12` `openjpeg2`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-39328](https://security-tracker.debian.org/tracker/CVE-2023-39328)\n- [https://access.redhat.com/security/cve/CVE-2023-39328](https://access.redhat.com/security/cve/CVE-2023-39328)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2219236](https://bugzilla.redhat.com/show_bug.cgi?id=2219236)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-400",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENLDAP-1555631",
              "shortDescription": {
                "text": "Low severity - Improper Initialization vulnerability in openldap"
              },
              "fullDescription": {
                "text": "(CVE-2017-14159) openldap/libldap-2.5-0@2.5.13+dfsg-5"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openldap` package and not the `openldap` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nslapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.\n## Remediation\nThere is no fixed version for `Debian:12` `openldap`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-14159](https://security-tracker.debian.org/tracker/CVE-2017-14159)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159)\n- [http://www.openldap.org/its/index.cgi?findid=8703](http://www.openldap.org/its/index.cgi?findid=8703)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14159](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14159)\n- [https://www.oracle.com/security-alerts/cpuapr2022.html](https://www.oracle.com/security-alerts/cpuapr2022.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-665",
                  "deb"
                ],
                "cvssv3_baseScore": 4.7,
                "security-severity": "4.7"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENLDAP-1555724",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in openldap"
              },
              "fullDescription": {
                "text": "(CVE-2017-17740) openldap/libldap-2.5-0@2.5.13+dfsg-5"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openldap` package and not the `openldap` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\ncontrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.\n## Remediation\nThere is no fixed version for `Debian:12` `openldap`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-17740](https://security-tracker.debian.org/tracker/CVE-2017-17740)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740)\n- [http://www.openldap.org/its/index.cgi/Incoming?id=8759](http://www.openldap.org/its/index.cgi/Incoming?id=8759)\n- [http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html](http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html)\n- [http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html](http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html)\n- [https://kc.mcafee.com/corporate/index?page=content&id=SB10365](https://kc.mcafee.com/corporate/index?page=content&id=SB10365)\n- [https://www.oracle.com/security-alerts/cpuapr2022.html](https://www.oracle.com/security-alerts/cpuapr2022.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENLDAP-1555918",
              "shortDescription": {
                "text": "Low severity - Improper Certificate Validation vulnerability in openldap"
              },
              "fullDescription": {
                "text": "(CVE-2020-15719) openldap/libldap-2.5-0@2.5.13+dfsg-5"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openldap` package and not the `openldap` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.\n## Remediation\nThere is no fixed version for `Debian:12` `openldap`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2020-15719](https://security-tracker.debian.org/tracker/CVE-2020-15719)\n- [https://access.redhat.com/errata/RHBA-2019:3674](https://access.redhat.com/errata/RHBA-2019:3674)\n- [https://bugs.openldap.org/show_bug.cgi?id=9266](https://bugs.openldap.org/show_bug.cgi?id=9266)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=1740070](https://bugzilla.redhat.com/show_bug.cgi?id=1740070)\n- [http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html)\n- [http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html)\n- [https://kc.mcafee.com/corporate/index?page=content&id=SB10365](https://kc.mcafee.com/corporate/index?page=content&id=SB10365)\n- [https://www.oracle.com/security-alerts/cpuapr2022.html](https://www.oracle.com/security-alerts/cpuapr2022.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-295",
                  "deb"
                ],
                "cvssv3_baseScore": 4.2,
                "security-severity": "4.2"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENLDAP-1555941",
              "shortDescription": {
                "text": "Low severity - Cryptographic Issues vulnerability in openldap"
              },
              "fullDescription": {
                "text": "(CVE-2015-3276) openldap/libldap-2.5-0@2.5.13+dfsg-5"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openldap` package and not the `openldap` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.\n## Remediation\nThere is no fixed version for `Debian:12` `openldap`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2015-3276](https://security-tracker.debian.org/tracker/CVE-2015-3276)\n- [http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html](http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=1238322](https://bugzilla.redhat.com/show_bug.cgi?id=1238322)\n- [http://rhn.redhat.com/errata/RHSA-2015-2131.html](http://rhn.redhat.com/errata/RHSA-2015-2131.html)\n- [http://www.securitytracker.com/id/1034221](http://www.securitytracker.com/id/1034221)\n- [https://access.redhat.com/errata/RHSA-2015:2131](https://access.redhat.com/errata/RHSA-2015:2131)\n- [https://access.redhat.com/security/cve/CVE-2015-3276](https://access.redhat.com/security/cve/CVE-2015-3276)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-310",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENLDAP-5660620",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in openldap"
              },
              "fullDescription": {
                "text": "(CVE-2023-2953) openldap/libldap-2.5-0@2.5.13+dfsg-5"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openldap` package and not the `openldap` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.\n## Remediation\nThere is no fixed version for `Debian:12` `openldap`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-2953](https://security-tracker.debian.org/tracker/CVE-2023-2953)\n- [https://access.redhat.com/security/cve/CVE-2023-2953](https://access.redhat.com/security/cve/CVE-2023-2953)\n- [https://bugs.openldap.org/show_bug.cgi?id=9904](https://bugs.openldap.org/show_bug.cgi?id=9904)\n- [http://seclists.org/fulldisclosure/2023/Jul/47](http://seclists.org/fulldisclosure/2023/Jul/47)\n- [http://seclists.org/fulldisclosure/2023/Jul/48](http://seclists.org/fulldisclosure/2023/Jul/48)\n- [http://seclists.org/fulldisclosure/2023/Jul/52](http://seclists.org/fulldisclosure/2023/Jul/52)\n- [https://security.netapp.com/advisory/ntap-20230703-0005/](https://security.netapp.com/advisory/ntap-20230703-0005/)\n- [https://support.apple.com/kb/HT213843](https://support.apple.com/kb/HT213843)\n- [https://support.apple.com/kb/HT213844](https://support.apple.com/kb/HT213844)\n- [https://support.apple.com/kb/HT213845](https://support.apple.com/kb/HT213845)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-1555751",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2007-2768) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nOpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2007-2768](https://security-tracker.debian.org/tracker/CVE-2007-2768)\n- [http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html](http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0635.html)\n- [https://security.netapp.com/advisory/ntap-20191107-0002/](https://security.netapp.com/advisory/ntap-20191107-0002/)\n- [http://www.osvdb.org/34601](http://www.osvdb.org/34601)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-200",
                  "deb"
                ],
                "cvssv3_baseScore": 4.3,
                "security-severity": "4.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-1555766",
              "shortDescription": {
                "text": "Low severity - Access Restriction Bypass vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2008-3234) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nsshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2008-3234](https://security-tracker.debian.org/tracker/CVE-2008-3234)\n- [https://www.exploit-db.com/exploits/6094](https://www.exploit-db.com/exploits/6094)\n- [http://www.securityfocus.com/bid/30276](http://www.securityfocus.com/bid/30276)\n- [https://exchange.xforce.ibmcloud.com/vulnerabilities/44037](https://exchange.xforce.ibmcloud.com/vulnerabilities/44037)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-264",
                  "deb"
                ],
                "cvssv3_baseScore": 6.3,
                "security-severity": "6.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-1556004",
              "shortDescription": {
                "text": "Low severity - Improper Authentication vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2007-2243) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nOpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2007-2243](https://security-tracker.debian.org/tracker/CVE-2007-2243)\n- [https://security.netapp.com/advisory/ntap-20191107-0003/](https://security.netapp.com/advisory/ntap-20191107-0003/)\n- [http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html](http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053906.html)\n- [http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html](http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html)\n- [http://securityreason.com/securityalert/2631](http://securityreason.com/securityalert/2631)\n- [http://www.securityfocus.com/bid/23601](http://www.securityfocus.com/bid/23601)\n- [https://exchange.xforce.ibmcloud.com/vulnerabilities/33794](https://exchange.xforce.ibmcloud.com/vulnerabilities/33794)\n- [http://www.osvdb.org/34600](http://www.osvdb.org/34600)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-287",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-1556046",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2020-14145) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2020-14145](https://security-tracker.debian.org/tracker/CVE-2020-14145)\n- [https://security.netapp.com/advisory/ntap-20200709-0004/](https://security.netapp.com/advisory/ntap-20200709-0004/)\n- [https://security.gentoo.org/glsa/202105-35](https://security.gentoo.org/glsa/202105-35)\n- [https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d](https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d)\n- [https://docs.ssh-mitm.at/CVE-2020-14145.html](https://docs.ssh-mitm.at/CVE-2020-14145.html)\n- [https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1](https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1)\n- [https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py](https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py)\n- [https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/](https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/)\n- [http://www.openwall.com/lists/oss-security/2020/12/02/1](http://www.openwall.com/lists/oss-security/2020/12/02/1)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-200",
                  "deb"
                ],
                "cvssv3_baseScore": 5.9,
                "security-severity": "5.9"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-1556049",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2018-15919) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nRemotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-15919](https://security-tracker.debian.org/tracker/CVE-2018-15919)\n- [https://security.netapp.com/advisory/ntap-20181221-0001/](https://security.netapp.com/advisory/ntap-20181221-0001/)\n- [http://seclists.org/oss-sec/2018/q3/180](http://seclists.org/oss-sec/2018/q3/180)\n- [http://www.securityfocus.com/bid/105163](http://www.securityfocus.com/bid/105163)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15919](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-15919)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-200",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-1556053",
              "shortDescription": {
                "text": "Low severity - Inappropriate Encoding for Output Context vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2019-6110) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2019-6110](https://security-tracker.debian.org/tracker/CVE-2019-6110)\n- [https://www.exploit-db.com/exploits/46193/](https://www.exploit-db.com/exploits/46193/)\n- [https://security.gentoo.org/glsa/201903-16](https://security.gentoo.org/glsa/201903-16)\n- [https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c](https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c)\n- [https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c](https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c)\n- [https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt](https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt)\n- [https://security.netapp.com/advisory/ntap-20190213-0001/](https://security.netapp.com/advisory/ntap-20190213-0001/)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6110](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-6110)\n- [https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf)\n- [https://www.exploit-db.com/exploits/46516](https://www.exploit-db.com/exploits/46516)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-838",
                  "deb"
                ],
                "cvssv3_baseScore": 6.8,
                "security-severity": "6.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-1556262",
              "shortDescription": {
                "text": "Low severity - OS Command Injection vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2020-15778) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nscp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2020-15778](https://security-tracker.debian.org/tracker/CVE-2020-15778)\n- [https://security.netapp.com/advisory/ntap-20200731-0007/](https://security.netapp.com/advisory/ntap-20200731-0007/)\n- [https://github.com/cpandya2909/CVE-2020-15778/](https://github.com/cpandya2909/CVE-2020-15778/)\n- [https://news.ycombinator.com/item?id=25005567](https://news.ycombinator.com/item?id=25005567)\n- [https://www.openssh.com/security.html](https://www.openssh.com/security.html)\n- [https://github.com/cpandya2909/CVE-2020-15778#example](https://github.com/cpandya2909/CVE-2020-15778#example)\n- [https://security.gentoo.org/glsa/202212-06](https://security.gentoo.org/glsa/202212-06)\n- [https://access.redhat.com/errata/RHSA-2024:3166](https://access.redhat.com/errata/RHSA-2024:3166)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-78",
                  "deb"
                ],
                "cvssv3_baseScore": 7.8,
                "security-severity": "7.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-1585651",
              "shortDescription": {
                "text": "Low severity - CVE-2016-20012 vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2016-20012) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nOpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2016-20012](https://security-tracker.debian.org/tracker/CVE-2016-20012)\n- [https://security.netapp.com/advisory/ntap-20211014-0005/](https://security.netapp.com/advisory/ntap-20211014-0005/)\n- [https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265](https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265)\n- [https://github.com/openssh/openssh-portable/pull/270](https://github.com/openssh/openssh-portable/pull/270)\n- [https://rushter.com/blog/public-ssh-keys/](https://rushter.com/blog/public-ssh-keys/)\n- [https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak](https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak)\n- [https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097](https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097)\n- [https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185](https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185)\n- [https://www.openwall.com/lists/oss-security/2018/08/24/1](https://www.openwall.com/lists/oss-security/2018/08/24/1)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSH-6139205",
              "shortDescription": {
                "text": "Low severity - CVE-2023-51767 vulnerability in openssh"
              },
              "fullDescription": {
                "text": "(CVE-2023-51767) openssh/openssh-client@1:9.2p1-2+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssh` package and not the `openssh` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nOpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.\n## Remediation\nThere is no fixed version for `Debian:12` `openssh`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-51767](https://security-tracker.debian.org/tracker/CVE-2023-51767)\n- [https://access.redhat.com/security/cve/CVE-2023-51767](https://access.redhat.com/security/cve/CVE-2023-51767)\n- [https://arxiv.org/abs/2309.02545](https://arxiv.org/abs/2309.02545)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2255850](https://bugzilla.redhat.com/show_bug.cgi?id=2255850)\n- [https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77](https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77)\n- [https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878](https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878)\n- [https://security.netapp.com/advisory/ntap-20240125-0006/](https://security.netapp.com/advisory/ntap-20240125-0006/)\n- [https://ubuntu.com/security/CVE-2023-51767](https://ubuntu.com/security/CVE-2023-51767)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 7,
                "security-severity": "7"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSL-7411350",
              "shortDescription": {
                "text": "Low severity - CVE-2024-5535 vulnerability in openssl"
              },
              "fullDescription": {
                "text": "(CVE-2024-5535) openssl@3.0.14-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIssue summary: Calling the OpenSSL API function SSL_select_next_proto with an\nempty supported client protocols buffer may cause a crash or memory contents to\nbe sent to the peer.\n\nImpact summary: A buffer overread can have a range of potential consequences\nsuch as unexpected application beahviour or a crash. In particular this issue\ncould result in up to 255 bytes of arbitrary private data from memory being sent\nto the peer leading to a loss of confidentiality. However, only applications\nthat directly call the SSL_select_next_proto function with a 0 length list of\nsupported client protocols are affected by this issue. This would normally never\nbe a valid scenario and is typically not under attacker control but may occur by\naccident in the case of a configuration or programming error in the calling\napplication.\n\nThe OpenSSL API function SSL_select_next_proto is typically used by TLS\napplications that support ALPN (Application Layer Protocol Negotiation) or NPN\n(Next Protocol Negotiation). NPN is older, was never standardised and\nis deprecated in favour of ALPN. We believe that ALPN is significantly more\nwidely deployed than NPN. The SSL_select_next_proto function accepts a list of\nprotocols from the server and a list of protocols from the client and returns\nthe first protocol that appears in the server list that also appears in the\nclient list. In the case of no overlap between the two lists it returns the\nfirst item in the client list. In either case it will signal whether an overlap\nbetween the two lists was found. In the case where SSL_select_next_proto is\ncalled with a zero length client list it fails to notice this condition and\nreturns the memory immediately following the client list pointer (and reports\nthat there was no overlap in the lists).\n\nThis function is typically called from a server side application callback for\nALPN or a client side application callback for NPN. In the case of ALPN the list\nof protocols supplied by the client is guaranteed by libssl to never be zero in\nlength. The list of server protocols comes from the application and should never\nnormally be expected to be of zero length. In this case if the\nSSL_select_next_proto function has been called as expected (with the list\nsupplied by the client passed in the client/client_len parameters), then the\napplication will not be vulnerable to this issue. If the application has\naccidentally been configured with a zero length server list, and has\naccidentally passed that zero length server list in the client/client_len\nparameters, and has additionally failed to correctly handle a "no overlap"\nresponse (which would normally result in a handshake failure in ALPN) then it\nwill be vulnerable to this problem.\n\nIn the case of NPN, the protocol permits the client to opportunistically select\na protocol when there is no overlap. OpenSSL returns the first client protocol\nin the no overlap case in support of this. The list of client protocols comes\nfrom the application and should never normally be expected to be of zero length.\nHowever if the SSL_select_next_proto function is accidentally called with a\nclient_len of 0 then an invalid memory pointer will be returned instead. If the\napplication uses this output as the opportunistic protocol then the loss of\nconfidentiality will occur.\n\nThis issue has been assessed as Low severity because applications are most\nlikely to be vulnerable if they are using NPN instead of ALPN - but NPN is not\nwidely used. It also requires an application configuration or programming error.\nFinally, this issue would not typically be under attacker control making active\nexploitation unlikely.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n\nDue to the low severity of this issue we are not issuing new releases of\nOpenSSL at this time. The fix will be included in the next releases when they\nbecome available.\n## Remediation\nThere is no fixed version for `Debian:12` `openssl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-5535](https://security-tracker.debian.org/tracker/CVE-2024-5535)\n- [https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37](https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37)\n- [https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e](https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e)\n- [https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c](https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c)\n- [https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c](https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c)\n- [https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c](https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c)\n- [https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87](https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87)\n- [https://www.openssl.org/news/secadv/20240627.txt](https://www.openssl.org/news/secadv/20240627.txt)\n- [http://www.openwall.com/lists/oss-security/2024/06/27/1](http://www.openwall.com/lists/oss-security/2024/06/27/1)\n- [http://www.openwall.com/lists/oss-security/2024/06/28/4](http://www.openwall.com/lists/oss-security/2024/06/28/4)\n- [https://security.netapp.com/advisory/ntap-20240712-0005/](https://security.netapp.com/advisory/ntap-20240712-0005/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-OPENSSL-8229893",
              "shortDescription": {
                "text": "Low severity - CVE-2024-9143 vulnerability in openssl"
              },
              "fullDescription": {
                "text": "(CVE-2024-9143) openssl@3.0.14-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `openssl` package and not the `openssl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIssue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted\nexplicit values for the field polynomial can lead to out-of-bounds memory reads\nor writes.\n\nImpact summary: Out of bound memory writes can lead to an application crash or\neven a possibility of a remote code execution, however, in all the protocols\ninvolving Elliptic Curve Cryptography that we're aware of, either only "named\ncurves" are supported, or, if explicit curve parameters are supported, they\nspecify an X9.62 encoding of binary (GF(2^m)) curves that can't represent\nproblematic input values. Thus the likelihood of existence of a vulnerable\napplication is low.\n\nIn particular, the X9.62 encoding is used for ECC keys in X.509 certificates,\nso problematic inputs cannot occur in the context of processing X.509\ncertificates.  Any problematic use-cases would have to be using an "exotic"\ncurve encoding.\n\nThe affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),\nand various supporting BN_GF2m_*() functions.\n\nApplications working with "exotic" explicit binary (GF(2^m)) curve parameters,\nthat make it possible to represent invalid field polynomials with a zero\nconstant term, via the above or similar APIs, may terminate abruptly as a\nresult of reading or writing outside of array bounds.  Remote code execution\ncannot easily be ruled out.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.\n## Remediation\nThere is no fixed version for `Debian:12` `openssl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-9143](https://security-tracker.debian.org/tracker/CVE-2024-9143)\n- [https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712](https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712)\n- [https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700](https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700)\n- [https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4](https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4)\n- [https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154](https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154)\n- [https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a](https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a)\n- [https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41](https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41)\n- [https://openssl-library.org/news/secadv/20241016.txt](https://openssl-library.org/news/secadv/20241016.txt)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PAM-6178914",
              "shortDescription": {
                "text": "Low severity - CVE-2024-22365 vulnerability in pam"
              },
              "fullDescription": {
                "text": "(CVE-2024-22365) pam/libpam0g@1.5.2-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `pam` package and not the `pam` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlinux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.\n## Remediation\nThere is no fixed version for `Debian:12` `pam`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-22365](https://security-tracker.debian.org/tracker/CVE-2024-22365)\n- [http://www.openwall.com/lists/oss-security/2024/01/18/3](http://www.openwall.com/lists/oss-security/2024/01/18/3)\n- [https://github.com/linux-pam/linux-pam](https://github.com/linux-pam/linux-pam)\n- [https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb](https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb)\n- [https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0](https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PAM-8303301",
              "shortDescription": {
                "text": "Low severity - CVE-2024-10041 vulnerability in pam"
              },
              "fullDescription": {
                "text": "(CVE-2024-10041) pam/libpam0g@1.5.2-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `pam` package and not the `pam` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.\n## Remediation\nThere is no fixed version for `Debian:12` `pam`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-10041](https://security-tracker.debian.org/tracker/CVE-2024-10041)\n- [https://access.redhat.com/security/cve/CVE-2024-10041](https://access.redhat.com/security/cve/CVE-2024-10041)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2319212](https://bugzilla.redhat.com/show_bug.cgi?id=2319212)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 4.7,
                "security-severity": "4.7"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PATCH-1556285",
              "shortDescription": {
                "text": "Low severity - Directory Traversal vulnerability in patch"
              },
              "fullDescription": {
                "text": "(CVE-2010-4651) patch@2.7.6-7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `patch` package and not the `patch` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nDirectory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.\n## Remediation\nThere is no fixed version for `Debian:12` `patch`.\n## References\n- [http://support.apple.com/kb/HT4723](http://support.apple.com/kb/HT4723)\n- [http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html](http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html)\n- [https://security-tracker.debian.org/tracker/CVE-2010-4651](https://security-tracker.debian.org/tracker/CVE-2010-4651)\n- [http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html](http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html)\n- [http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html](http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html)\n- [http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1](http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1)\n- [http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html](http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html)\n- [http://www.vupen.com/english/advisories/2011/0600](http://www.vupen.com/english/advisories/2011/0600)\n- [http://openwall.com/lists/oss-security/2011/01/05/10](http://openwall.com/lists/oss-security/2011/01/05/10)\n- [http://openwall.com/lists/oss-security/2011/01/06/19](http://openwall.com/lists/oss-security/2011/01/06/19)\n- [http://openwall.com/lists/oss-security/2011/01/06/20](http://openwall.com/lists/oss-security/2011/01/06/20)\n- [http://openwall.com/lists/oss-security/2011/01/06/21](http://openwall.com/lists/oss-security/2011/01/06/21)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=667529](https://bugzilla.redhat.com/show_bug.cgi?id=667529)\n- [http://secunia.com/advisories/43663](http://secunia.com/advisories/43663)\n- [http://secunia.com/advisories/43677](http://secunia.com/advisories/43677)\n- [http://www.securityfocus.com/bid/46768](http://www.securityfocus.com/bid/46768)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-4651](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2010-4651)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-22",
                  "deb"
                ],
                "cvssv3_baseScore": 5.4,
                "security-severity": "5.4"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PATCH-1556552",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in patch"
              },
              "fullDescription": {
                "text": "(CVE-2018-6951) patch@2.7.6-7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `patch` package and not the `patch` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.\n## Remediation\nThere is no fixed version for `Debian:12` `patch`.\n## References\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6951](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6951)\n- [https://security-tracker.debian.org/tracker/CVE-2018-6951](https://security-tracker.debian.org/tracker/CVE-2018-6951)\n- [https://security.gentoo.org/glsa/201904-17](https://security.gentoo.org/glsa/201904-17)\n- [https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a](https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a)\n- [https://savannah.gnu.org/bugs/index.php?53132](https://savannah.gnu.org/bugs/index.php?53132)\n- [http://www.securityfocus.com/bid/103044](http://www.securityfocus.com/bid/103044)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6951](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6951)\n- [https://usn.ubuntu.com/3624-1/](https://usn.ubuntu.com/3624-1/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PATCH-1556555",
              "shortDescription": {
                "text": "Low severity - Double Free vulnerability in patch"
              },
              "fullDescription": {
                "text": "(CVE-2018-6952) patch@2.7.6-7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `patch` package and not the `patch` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.\n## Remediation\nThere is no fixed version for `Debian:12` `patch`.\n## References\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952)\n- [https://security-tracker.debian.org/tracker/CVE-2018-6952](https://security-tracker.debian.org/tracker/CVE-2018-6952)\n- [https://security.gentoo.org/glsa/201904-17](https://security.gentoo.org/glsa/201904-17)\n- [https://savannah.gnu.org/bugs/index.php?53133](https://savannah.gnu.org/bugs/index.php?53133)\n- [https://access.redhat.com/errata/RHSA-2019:2033](https://access.redhat.com/errata/RHSA-2019:2033)\n- [http://www.securityfocus.com/bid/103047](http://www.securityfocus.com/bid/103047)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6952)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-415",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PATCH-2324793",
              "shortDescription": {
                "text": "Low severity - Release of Invalid Pointer or Reference vulnerability in patch"
              },
              "fullDescription": {
                "text": "(CVE-2021-45261) patch@2.7.6-7"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `patch` package and not the `patch` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.\n## Remediation\nThere is no fixed version for `Debian:12` `patch`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-45261](https://security-tracker.debian.org/tracker/CVE-2021-45261)\n- [https://savannah.gnu.org/bugs/?61685](https://savannah.gnu.org/bugs/?61685)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-763",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PERL-1556505",
              "shortDescription": {
                "text": "Low severity - Link Following vulnerability in perl"
              },
              "fullDescription": {
                "text": "(CVE-2011-4116) perl/perl-modules-5.36@5.36.0-7+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `perl` package and not the `perl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\n_is_safe in the File::Temp module for Perl does not properly handle symlinks.\n## Remediation\nThere is no fixed version for `Debian:12` `perl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2011-4116](https://security-tracker.debian.org/tracker/CVE-2011-4116)\n- [https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14](https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14)\n- [https://rt.cpan.org/Public/Bug/Display.html?id=69106](https://rt.cpan.org/Public/Bug/Display.html?id=69106)\n- [https://seclists.org/oss-sec/2011/q4/238](https://seclists.org/oss-sec/2011/q4/238)\n- [http://www.openwall.com/lists/oss-security/2011/11/04/2](http://www.openwall.com/lists/oss-security/2011/11/04/2)\n- [http://www.openwall.com/lists/oss-security/2011/11/04/4](http://www.openwall.com/lists/oss-security/2011/11/04/4)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-59",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PERL-5489184",
              "shortDescription": {
                "text": "Low severity - Improper Certificate Validation vulnerability in perl"
              },
              "fullDescription": {
                "text": "(CVE-2023-31486) perl/perl-modules-5.36@5.36.0-7+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `perl` package and not the `perl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nHTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.\n## Remediation\nThere is no fixed version for `Debian:12` `perl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31486](https://security-tracker.debian.org/tracker/CVE-2023-31486)\n- [http://www.openwall.com/lists/oss-security/2023/04/29/1](http://www.openwall.com/lists/oss-security/2023/04/29/1)\n- [http://www.openwall.com/lists/oss-security/2023/05/03/3](http://www.openwall.com/lists/oss-security/2023/05/03/3)\n- [http://www.openwall.com/lists/oss-security/2023/05/03/5](http://www.openwall.com/lists/oss-security/2023/05/03/5)\n- [http://www.openwall.com/lists/oss-security/2023/05/07/2](http://www.openwall.com/lists/oss-security/2023/05/07/2)\n- [https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/](https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/)\n- [https://hackeriet.github.io/cpan-http-tiny-overview/](https://hackeriet.github.io/cpan-http-tiny-overview/)\n- [https://www.openwall.com/lists/oss-security/2023/04/18/14](https://www.openwall.com/lists/oss-security/2023/04/18/14)\n- [https://www.openwall.com/lists/oss-security/2023/05/03/4](https://www.openwall.com/lists/oss-security/2023/05/03/4)\n- [https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/](https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/)\n- [https://github.com/chansen/p5-http-tiny/pull/153](https://github.com/chansen/p5-http-tiny/pull/153)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-295",
                  "deb"
                ],
                "cvssv3_baseScore": 8.1,
                "security-severity": "8.1"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PERL-5489190",
              "shortDescription": {
                "text": "Low severity - Improper Certificate Validation vulnerability in perl"
              },
              "fullDescription": {
                "text": "(CVE-2023-31484) perl/perl-modules-5.36@5.36.0-7+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `perl` package and not the `perl` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nCPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.\n## Remediation\nThere is no fixed version for `Debian:12` `perl`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31484](https://security-tracker.debian.org/tracker/CVE-2023-31484)\n- [http://www.openwall.com/lists/oss-security/2023/04/29/1](http://www.openwall.com/lists/oss-security/2023/04/29/1)\n- [http://www.openwall.com/lists/oss-security/2023/05/03/3](http://www.openwall.com/lists/oss-security/2023/05/03/3)\n- [http://www.openwall.com/lists/oss-security/2023/05/03/5](http://www.openwall.com/lists/oss-security/2023/05/03/5)\n- [http://www.openwall.com/lists/oss-security/2023/05/07/2](http://www.openwall.com/lists/oss-security/2023/05/07/2)\n- [https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/](https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/)\n- [https://github.com/andk/cpanpm/pull/175](https://github.com/andk/cpanpm/pull/175)\n- [https://metacpan.org/dist/CPAN/changes](https://metacpan.org/dist/CPAN/changes)\n- [https://www.openwall.com/lists/oss-security/2023/04/18/14](https://www.openwall.com/lists/oss-security/2023/04/18/14)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/)\n- [https://security.netapp.com/advisory/ntap-20240621-0007/](https://security.netapp.com/advisory/ntap-20240621-0007/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-295",
                  "deb"
                ],
                "cvssv3_baseScore": 8.1,
                "security-severity": "8.1"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PIXMAN-5803155",
              "shortDescription": {
                "text": "Low severity - Divide By Zero vulnerability in pixman"
              },
              "fullDescription": {
                "text": "(CVE-2023-37769) pixman/libpixman-1-0@0.42.2-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `pixman` package and not the `pixman` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nstress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.\n## Remediation\nThere is no fixed version for `Debian:12` `pixman`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-37769](https://security-tracker.debian.org/tracker/CVE-2023-37769)\n- [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-369",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PROCPS-5816466",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in procps"
              },
              "fullDescription": {
                "text": "(CVE-2023-4016) procps/libproc2-0@2:4.0.2-3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `procps` package and not the `procps` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nUnder some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.\n## Remediation\nThere is no fixed version for `Debian:12` `procps`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-4016](https://security-tracker.debian.org/tracker/CVE-2023-4016)\n- [https://gitlab.com/procps-ng/procps](https://gitlab.com/procps-ng/procps)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUETRRT24OFGPYK6ACPM5VUGHNKH5CQ5/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 3.3,
                "security-severity": "3.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PYTHON311-5430932",
              "shortDescription": {
                "text": "Low severity - Improper Input Validation vulnerability in python3.11"
              },
              "fullDescription": {
                "text": "(CVE-2023-27043) python3.11/libpython3.11-stdlib@3.11.2-6+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `python3.11` package and not the `python3.11` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThe email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.\n## Remediation\nThere is no fixed version for `Debian:12` `python3.11`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-27043](https://security-tracker.debian.org/tracker/CVE-2023-27043)\n- [http://python.com](http://python.com)\n- [https://github.com/python/cpython/issues/102988](https://github.com/python/cpython/issues/102988)\n- [http://python.org](http://python.org)\n- [https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html](https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html)\n- [https://security.netapp.com/advisory/ntap-20230601-0003/](https://security.netapp.com/advisory/ntap-20230601-0003/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/)\n- [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-20",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PYTHON311-7578119",
              "shortDescription": {
                "text": "Low severity - CVE-2024-6923 vulnerability in python3.11"
              },
              "fullDescription": {
                "text": "(CVE-2024-6923) python3.11/libpython3.11-stdlib@3.11.2-6+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `python3.11` package and not the `python3.11` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThere is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.\n## Remediation\nThere is no fixed version for `Debian:12` `python3.11`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-6923](https://security-tracker.debian.org/tracker/CVE-2024-6923)\n- [https://github.com/python/cpython/issues/121650](https://github.com/python/cpython/issues/121650)\n- [https://github.com/python/cpython/pull/122233](https://github.com/python/cpython/pull/122233)\n- [https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/](https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/)\n- [https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7](https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7)\n- [https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0](https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0)\n- [https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147](https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147)\n- [https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1](https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1)\n- [https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6](https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6)\n- [https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533](https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PYTHON311-7707942",
              "shortDescription": {
                "text": "Low severity - Inefficient Regular Expression Complexity vulnerability in python3.11"
              },
              "fullDescription": {
                "text": "(CVE-2024-7592) python3.11/libpython3.11-stdlib@3.11.2-6+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `python3.11` package and not the `python3.11` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThere is a LOW severity vulnerability affecting CPython, specifically the\n'http.cookies' standard library module.\n\n\nWhen parsing cookies that contained backslashes for quoted characters in\nthe cookie value, the parser would use an algorithm with quadratic\ncomplexity, resulting in excess CPU resources being used while parsing the\nvalue.\n## Remediation\nThere is no fixed version for `Debian:12` `python3.11`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-7592](https://security-tracker.debian.org/tracker/CVE-2024-7592)\n- [https://github.com/python/cpython/issues/123067](https://github.com/python/cpython/issues/123067)\n- [https://github.com/python/cpython/pull/123075](https://github.com/python/cpython/pull/123075)\n- [https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/](https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/)\n- [https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621](https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621)\n- [https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1](https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1)\n- [https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06](https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06)\n- [https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a](https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a)\n- [https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f](https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f)\n- [https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774](https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-1333",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PYTHON311-7886332",
              "shortDescription": {
                "text": "Low severity - Inefficient Regular Expression Complexity vulnerability in python3.11"
              },
              "fullDescription": {
                "text": "(CVE-2024-6232) python3.11/libpython3.11-stdlib@3.11.2-6+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `python3.11` package and not the `python3.11` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nThere is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.\n## Remediation\nThere is no fixed version for `Debian:12` `python3.11`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-6232](https://security-tracker.debian.org/tracker/CVE-2024-6232)\n- [https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06](https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06)\n- [https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4](https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4)\n- [https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf](https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf)\n- [https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373](https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373)\n- [https://github.com/python/cpython/issues/121285](https://github.com/python/cpython/issues/121285)\n- [https://github.com/python/cpython/pull/121286](https://github.com/python/cpython/pull/121286)\n- [https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/](https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/)\n- [https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d](https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d)\n- [https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877](https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-1333",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-PYTHON311-8305721",
              "shortDescription": {
                "text": "Low severity - CVE-2024-9287 vulnerability in python3.11"
              },
              "fullDescription": {
                "text": "(CVE-2024-9287) python3.11/libpython3.11-stdlib@3.11.2-6+deb12u3"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `python3.11` package and not the `python3.11` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.\n## Remediation\nThere is no fixed version for `Debian:12` `python3.11`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-9287](https://security-tracker.debian.org/tracker/CVE-2024-9287)\n- [https://github.com/python/cpython/issues/124651](https://github.com/python/cpython/issues/124651)\n- [https://github.com/python/cpython/pull/124712](https://github.com/python/cpython/pull/124712)\n- [https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/](https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/)\n- [https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483](https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": null,
                "security-severity": "null"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SHADOW-1559391",
              "shortDescription": {
                "text": "Low severity - Access Restriction Bypass vulnerability in shadow"
              },
              "fullDescription": {
                "text": "(CVE-2007-5686) shadow/passwd@1:4.13+dfsg1-1+b1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `shadow` package and not the `shadow` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\ninitscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts.  NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.\n## Remediation\nThere is no fixed version for `Debian:12` `shadow`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2007-5686](https://security-tracker.debian.org/tracker/CVE-2007-5686)\n- [http://www.securityfocus.com/archive/1/482129/100/100/threaded](http://www.securityfocus.com/archive/1/482129/100/100/threaded)\n- [http://www.securityfocus.com/archive/1/482857/100/0/threaded](http://www.securityfocus.com/archive/1/482857/100/0/threaded)\n- [https://issues.rpath.com/browse/RPL-1825](https://issues.rpath.com/browse/RPL-1825)\n- [http://secunia.com/advisories/27215](http://secunia.com/advisories/27215)\n- [http://www.securityfocus.com/bid/26048](http://www.securityfocus.com/bid/26048)\n- [http://www.vupen.com/english/advisories/2007/3474](http://www.vupen.com/english/advisories/2007/3474)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-264",
                  "deb"
                ],
                "cvssv3_baseScore": 6.2,
                "security-severity": "6.2"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SHADOW-5423923",
              "shortDescription": {
                "text": "Low severity - Arbitrary Code Injection vulnerability in shadow"
              },
              "fullDescription": {
                "text": "(CVE-2023-29383) shadow/passwd@1:4.13+dfsg1-1+b1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `shadow` package and not the `shadow` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.\n## Remediation\nThere is no fixed version for `Debian:12` `shadow`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-29383](https://security-tracker.debian.org/tracker/CVE-2023-29383)\n- [https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d](https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d)\n- [https://github.com/shadow-maint/shadow/pull/687](https://github.com/shadow-maint/shadow/pull/687)\n- [https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/)\n- [https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797](https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-74",
                  "deb"
                ],
                "cvssv3_baseScore": 3.3,
                "security-severity": "3.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SHADOW-5879156",
              "shortDescription": {
                "text": "Low severity - Improper Authentication vulnerability in shadow"
              },
              "fullDescription": {
                "text": "(CVE-2023-4641) shadow/passwd@1:4.13+dfsg1-1+b1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `shadow` package and not the `shadow` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.\n## Remediation\nThere is no fixed version for `Debian:12` `shadow`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-4641](https://security-tracker.debian.org/tracker/CVE-2023-4641)\n- [https://access.redhat.com/errata/RHSA-2023:6632](https://access.redhat.com/errata/RHSA-2023:6632)\n- [https://access.redhat.com/errata/RHSA-2023:7112](https://access.redhat.com/errata/RHSA-2023:7112)\n- [https://access.redhat.com/security/cve/CVE-2023-4641](https://access.redhat.com/security/cve/CVE-2023-4641)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2215945](https://bugzilla.redhat.com/show_bug.cgi?id=2215945)\n- [https://access.redhat.com/errata/RHSA-2024:0417](https://access.redhat.com/errata/RHSA-2024:0417)\n- [https://access.redhat.com/errata/RHSA-2024:2577](https://access.redhat.com/errata/RHSA-2024:2577)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-287",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SQLITE3-2407042",
              "shortDescription": {
                "text": "Low severity - Memory Leak vulnerability in sqlite3"
              },
              "fullDescription": {
                "text": "(CVE-2021-45346) sqlite3/libsqlite3-0@3.40.1-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `sqlite3` package and not the `sqlite3` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.\n## Remediation\nThere is no fixed version for `Debian:12` `sqlite3`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-45346](https://security-tracker.debian.org/tracker/CVE-2021-45346)\n- [https://github.com/guyinatuxedo/sqlite3_record_leaking](https://github.com/guyinatuxedo/sqlite3_record_leaking)\n- [https://security.netapp.com/advisory/ntap-20220303-0001/](https://security.netapp.com/advisory/ntap-20220303-0001/)\n- [https://sqlite.org/forum/forumpost/056d557c2f8c452ed5](https://sqlite.org/forum/forumpost/056d557c2f8c452ed5)\n- [https://sqlite.org/forum/forumpost/53de8864ba114bf6](https://sqlite.org/forum/forumpost/53de8864ba114bf6)\n- [https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves](https://www.sqlite.org/cves.html#status_of_recent_sqlite_cves)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-401",
                  "deb"
                ],
                "cvssv3_baseScore": 4.3,
                "security-severity": "4.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SQLITE3-6139924",
              "shortDescription": {
                "text": "Low severity - Out-of-Bounds vulnerability in sqlite3"
              },
              "fullDescription": {
                "text": "(CVE-2023-7104) sqlite3/libsqlite3-0@3.40.1-2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `sqlite3` package and not the `sqlite3` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.\n## Remediation\nThere is no fixed version for `Debian:12` `sqlite3`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-7104](https://security-tracker.debian.org/tracker/CVE-2023-7104)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/)\n- [https://sqlite.org/forum/forumpost/5bcbf4571c](https://sqlite.org/forum/forumpost/5bcbf4571c)\n- [https://sqlite.org/src/info/0e4e7a05c4204b47](https://sqlite.org/src/info/0e4e7a05c4204b47)\n- [https://vuldb.com/?ctiid.248999](https://vuldb.com/?ctiid.248999)\n- [https://vuldb.com/?id.248999](https://vuldb.com/?id.248999)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/)\n- [https://security.netapp.com/advisory/ntap-20240112-0008/](https://security.netapp.com/advisory/ntap-20240112-0008/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-119",
                  "deb"
                ],
                "cvssv3_baseScore": 7.3,
                "security-severity": "7.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SYSTEMD-1560739",
              "shortDescription": {
                "text": "Low severity - Link Following vulnerability in systemd"
              },
              "fullDescription": {
                "text": "(CVE-2013-4392) systemd/libsystemd0@252.30-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `systemd` package and not the `systemd` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nsystemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.\n## Remediation\nThere is no fixed version for `Debian:12` `systemd`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2013-4392](https://security-tracker.debian.org/tracker/CVE-2013-4392)\n- [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357)\n- [http://www.openwall.com/lists/oss-security/2013/10/01/9](http://www.openwall.com/lists/oss-security/2013/10/01/9)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=859060](https://bugzilla.redhat.com/show_bug.cgi?id=859060)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-59",
                  "deb"
                ],
                "cvssv3_baseScore": 4.4,
                "security-severity": "4.4"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SYSTEMD-5733385",
              "shortDescription": {
                "text": "Low severity - Improper Validation of Integrity Check Value vulnerability in systemd"
              },
              "fullDescription": {
                "text": "(CVE-2023-31437) systemd/libsystemd0@252.30-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `systemd` package and not the `systemd` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."\n## Remediation\nThere is no fixed version for `Debian:12` `systemd`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31437](https://security-tracker.debian.org/tracker/CVE-2023-31437)\n- [https://github.com/kastel-security/Journald](https://github.com/kastel-security/Journald)\n- [https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf](https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf)\n- [https://github.com/systemd/systemd/releases](https://github.com/systemd/systemd/releases)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-354",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SYSTEMD-5733390",
              "shortDescription": {
                "text": "Low severity - Improper Validation of Integrity Check Value vulnerability in systemd"
              },
              "fullDescription": {
                "text": "(CVE-2023-31438) systemd/libsystemd0@252.30-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `systemd` package and not the `systemd` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."\n## Remediation\nThere is no fixed version for `Debian:12` `systemd`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31438](https://security-tracker.debian.org/tracker/CVE-2023-31438)\n- [https://github.com/kastel-security/Journald](https://github.com/kastel-security/Journald)\n- [https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf](https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf)\n- [https://github.com/systemd/systemd/releases](https://github.com/systemd/systemd/releases)\n- [https://github.com/systemd/systemd/pull/28886](https://github.com/systemd/systemd/pull/28886)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-354",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-SYSTEMD-5733398",
              "shortDescription": {
                "text": "Low severity - Improper Validation of Integrity Check Value vulnerability in systemd"
              },
              "fullDescription": {
                "text": "(CVE-2023-31439) systemd/libsystemd0@252.30-1~deb12u2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `systemd` package and not the `systemd` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."\n## Remediation\nThere is no fixed version for `Debian:12` `systemd`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-31439](https://security-tracker.debian.org/tracker/CVE-2023-31439)\n- [https://github.com/kastel-security/Journald](https://github.com/kastel-security/Journald)\n- [https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf](https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf)\n- [https://github.com/systemd/systemd/releases](https://github.com/systemd/systemd/releases)\n- [https://github.com/systemd/systemd/pull/28885](https://github.com/systemd/systemd/pull/28885)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-354",
                  "deb"
                ],
                "cvssv3_baseScore": 5.3,
                "security-severity": "5.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TAR-1560620",
              "shortDescription": {
                "text": "Low severity - CVE-2005-2541 vulnerability in tar"
              },
              "fullDescription": {
                "text": "(CVE-2005-2541) tar@1.34+dfsg-1.2+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tar` package and not the `tar` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nTar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.\n## Remediation\nThere is no fixed version for `Debian:12` `tar`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2005-2541](https://security-tracker.debian.org/tracker/CVE-2005-2541)\n- [http://marc.info/?l=bugtraq&m=112327628230258&w=2](http://marc.info/?l=bugtraq&m=112327628230258&w=2)\n- [https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E](https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E)\n- [https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E](https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-1560922",
              "shortDescription": {
                "text": "Low severity - Missing Release of Resource after Effective Lifetime vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2017-16232) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nLibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-16232](https://security-tracker.debian.org/tracker/CVE-2017-16232)\n- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16232)\n- [http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html](http://packetstormsecurity.com/files/150896/LibTIFF-4.0.8-Memory-Leak.html)\n- [http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html](http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00036.html)\n- [http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00041.html)\n- [http://www.openwall.com/lists/oss-security/2017/11/01/11](http://www.openwall.com/lists/oss-security/2017/11/01/11)\n- [http://www.openwall.com/lists/oss-security/2017/11/01/3](http://www.openwall.com/lists/oss-security/2017/11/01/3)\n- [http://www.openwall.com/lists/oss-security/2017/11/01/7](http://www.openwall.com/lists/oss-security/2017/11/01/7)\n- [http://www.openwall.com/lists/oss-security/2017/11/01/8](http://www.openwall.com/lists/oss-security/2017/11/01/8)\n- [http://seclists.org/fulldisclosure/2018/Dec/32](http://seclists.org/fulldisclosure/2018/Dec/32)\n- [http://seclists.org/fulldisclosure/2018/Dec/47](http://seclists.org/fulldisclosure/2018/Dec/47)\n- [http://www.securityfocus.com/bid/101696](http://www.securityfocus.com/bid/101696)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-772",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-1561093",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Read vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2017-5563) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nLibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-5563](https://security-tracker.debian.org/tracker/CVE-2017-5563)\n- [https://security.gentoo.org/glsa/201709-27](https://security.gentoo.org/glsa/201709-27)\n- [http://bugzilla.maptools.org/show_bug.cgi?id=2664](http://bugzilla.maptools.org/show_bug.cgi?id=2664)\n- [http://www.securityfocus.com/bid/95705](http://www.securityfocus.com/bid/95705)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5563](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5563)\n- [https://usn.ubuntu.com/3606-1/](https://usn.ubuntu.com/3606-1/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-125",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-1561130",
              "shortDescription": {
                "text": "Low severity - Use After Free vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2017-17973) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-17973](https://security-tracker.debian.org/tracker/CVE-2017-17973)\n- [http://bugzilla.maptools.org/show_bug.cgi?id=2769](http://bugzilla.maptools.org/show_bug.cgi?id=2769)\n- [https://bugzilla.novell.com/show_bug.cgi?id=1074318](https://bugzilla.novell.com/show_bug.cgi?id=1074318)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=1530912](https://bugzilla.redhat.com/show_bug.cgi?id=1530912)\n- [http://www.securityfocus.com/bid/102331](http://www.securityfocus.com/bid/102331)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-416",
                  "deb"
                ],
                "cvssv3_baseScore": 8.8,
                "security-severity": "8.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-1561402",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2018-10126) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2018-10126](https://security-tracker.debian.org/tracker/CVE-2018-10126)\n- [http://bugzilla.maptools.org/show_bug.cgi?id=2786](http://bugzilla.maptools.org/show_bug.cgi?id=2786)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10126](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-10126)\n- [https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E](https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E)\n- [https://gitlab.com/libtiff/libtiff/-/issues/128](https://gitlab.com/libtiff/libtiff/-/issues/128)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-1561632",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Read vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2017-9117) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nIn LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2017-9117](https://security-tracker.debian.org/tracker/CVE-2017-9117)\n- [http://bugzilla.maptools.org/show_bug.cgi?id=2690](http://bugzilla.maptools.org/show_bug.cgi?id=2690)\n- [http://www.securityfocus.com/bid/98581](http://www.securityfocus.com/bid/98581)\n- [http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9117](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9117)\n- [https://usn.ubuntu.com/3606-1/](https://usn.ubuntu.com/3606-1/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-125",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-2440572",
              "shortDescription": {
                "text": "Low severity - Improper Resource Shutdown or Release vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2022-1210) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2022-1210](https://security-tracker.debian.org/tracker/CVE-2022-1210)\n- [https://gitlab.com/libtiff/libtiff/-/issues/402](https://gitlab.com/libtiff/libtiff/-/issues/402)\n- [https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff](https://gitlab.com/libtiff/libtiff/uploads/c3da94e53cf1e1e8e6d4d3780dc8c42f/example.tiff)\n- [https://security.gentoo.org/glsa/202210-10](https://security.gentoo.org/glsa/202210-10)\n- [https://security.netapp.com/advisory/ntap-20220513-0005/](https://security.netapp.com/advisory/ntap-20220513-0005/)\n- [https://vuldb.com/?id.196363](https://vuldb.com/?id.196363)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-404",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-5416364",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Read vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-1916) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-1916](https://security-tracker.debian.org/tracker/CVE-2023-1916)\n- [https://gitlab.com/libtiff/libtiff/-/issues/536,](https://gitlab.com/libtiff/libtiff/-/issues/536,)\n- [https://gitlab.com/libtiff/libtiff/-/issues/537](https://gitlab.com/libtiff/libtiff/-/issues/537)\n- [https://gitlab.com/libtiff/libtiff/-/issues/536%2C](https://gitlab.com/libtiff/libtiff/-/issues/536%2C)\n- [https://gitlab.com/libtiff/libtiff/-/issues/536](https://gitlab.com/libtiff/libtiff/-/issues/536)\n- [https://support.apple.com/kb/HT213844](https://support.apple.com/kb/HT213844)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-125",
                  "deb"
                ],
                "cvssv3_baseScore": 6.1,
                "security-severity": "6.1"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-5673710",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-3164) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-3164](https://security-tracker.debian.org/tracker/CVE-2023-3164)\n- [https://access.redhat.com/security/cve/CVE-2023-4156](https://access.redhat.com/security/cve/CVE-2023-4156)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2215930](https://bugzilla.redhat.com/show_bug.cgi?id=2215930)\n- [https://access.redhat.com/security/cve/CVE-2023-3164](https://access.redhat.com/security/cve/CVE-2023-3164)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2213531](https://bugzilla.redhat.com/show_bug.cgi?id=2213531)\n- [https://gitlab.com/libtiff/libtiff/-/issues/542](https://gitlab.com/libtiff/libtiff/-/issues/542)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-5747599",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-26965) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nloadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-26965](https://security-tracker.debian.org/tracker/CVE-2023-26965)\n- [https://gitlab.com/libtiff/libtiff/-/merge_requests/472](https://gitlab.com/libtiff/libtiff/-/merge_requests/472)\n- [https://security.netapp.com/advisory/ntap-20230706-0009/](https://security.netapp.com/advisory/ntap-20230706-0009/)\n- [https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html](https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-5749338",
              "shortDescription": {
                "text": "Low severity - Buffer Overflow vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-26966) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-26966](https://security-tracker.debian.org/tracker/CVE-2023-26966)\n- [https://gitlab.com/libtiff/libtiff/-/issues/530](https://gitlab.com/libtiff/libtiff/-/issues/530)\n- [https://gitlab.com/libtiff/libtiff/-/merge_requests/473](https://gitlab.com/libtiff/libtiff/-/merge_requests/473)\n- [https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html](https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-120",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-5750144",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-2908) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-2908](https://security-tracker.debian.org/tracker/CVE-2023-2908)\n- [https://access.redhat.com/security/cve/CVE-2023-2908](https://access.redhat.com/security/cve/CVE-2023-2908)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2218830](https://bugzilla.redhat.com/show_bug.cgi?id=2218830)\n- [https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f](https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f)\n- [https://gitlab.com/libtiff/libtiff/-/merge_requests/479](https://gitlab.com/libtiff/libtiff/-/merge_requests/479)\n- [https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html](https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html)\n- [https://security.netapp.com/advisory/ntap-20230731-0004/](https://security.netapp.com/advisory/ntap-20230731-0004/)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-5767899",
              "shortDescription": {
                "text": "Low severity - Buffer Overflow vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-25433) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nlibtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-25433](https://security-tracker.debian.org/tracker/CVE-2023-25433)\n- [https://gitlab.com/libtiff/libtiff/-/issues/520](https://gitlab.com/libtiff/libtiff/-/issues/520)\n- [https://gitlab.com/libtiff/libtiff/-/merge_requests/467](https://gitlab.com/libtiff/libtiff/-/merge_requests/467)\n- [https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html](https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-120",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-5773187",
              "shortDescription": {
                "text": "Low severity - Buffer Overflow vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-3618) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-3618](https://security-tracker.debian.org/tracker/CVE-2023-3618)\n- [https://access.redhat.com/security/cve/CVE-2023-3618](https://access.redhat.com/security/cve/CVE-2023-3618)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2215865](https://bugzilla.redhat.com/show_bug.cgi?id=2215865)\n- [https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html](https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html)\n- [https://security.netapp.com/advisory/ntap-20230824-0012/](https://security.netapp.com/advisory/ntap-20230824-0012/)\n- [https://support.apple.com/kb/HT214036](https://support.apple.com/kb/HT214036)\n- [https://support.apple.com/kb/HT214037](https://support.apple.com/kb/HT214037)\n- [https://support.apple.com/kb/HT214038](https://support.apple.com/kb/HT214038)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-120",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-6079922",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-6228) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-6228](https://security-tracker.debian.org/tracker/CVE-2023-6228)\n- [https://access.redhat.com/security/cve/CVE-2023-6228](https://access.redhat.com/security/cve/CVE-2023-6228)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2240995](https://bugzilla.redhat.com/show_bug.cgi?id=2240995)\n- [https://access.redhat.com/errata/RHSA-2024:2289](https://access.redhat.com/errata/RHSA-2024:2289)\n- [https://access.redhat.com/errata/RHSA-2024:5079](https://access.redhat.com/errata/RHSA-2024:5079)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 3.3,
                "security-severity": "3.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-6084514",
              "shortDescription": {
                "text": "Low severity - Resource Exhaustion vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-6277) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-6277](https://security-tracker.debian.org/tracker/CVE-2023-6277)\n- [https://access.redhat.com/security/cve/CVE-2023-6277](https://access.redhat.com/security/cve/CVE-2023-6277)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2251311](https://bugzilla.redhat.com/show_bug.cgi?id=2251311)\n- [https://gitlab.com/libtiff/libtiff/-/issues/614](https://gitlab.com/libtiff/libtiff/-/issues/614)\n- [https://gitlab.com/libtiff/libtiff/-/merge_requests/545](https://gitlab.com/libtiff/libtiff/-/merge_requests/545)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJIN6DTSL3VODZUGWEUXLEL5DR53EZMV/)\n- [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7ZGN2MZXJ6E57W3L4YBM3ZPAU3T7T5C/)\n- [https://security.netapp.com/advisory/ntap-20240119-0002/](https://security.netapp.com/advisory/ntap-20240119-0002/)\n- [https://support.apple.com/kb/HT214116](https://support.apple.com/kb/HT214116)\n- [https://support.apple.com/kb/HT214117](https://support.apple.com/kb/HT214117)\n- [https://support.apple.com/kb/HT214118](https://support.apple.com/kb/HT214118)\n- [https://support.apple.com/kb/HT214119](https://support.apple.com/kb/HT214119)\n- [https://support.apple.com/kb/HT214120](https://support.apple.com/kb/HT214120)\n- [https://support.apple.com/kb/HT214122](https://support.apple.com/kb/HT214122)\n- [https://support.apple.com/kb/HT214123](https://support.apple.com/kb/HT214123)\n- [https://support.apple.com/kb/HT214124](https://support.apple.com/kb/HT214124)\n- [http://seclists.org/fulldisclosure/2024/Jul/16](http://seclists.org/fulldisclosure/2024/Jul/16)\n- [http://seclists.org/fulldisclosure/2024/Jul/17](http://seclists.org/fulldisclosure/2024/Jul/17)\n- [http://seclists.org/fulldisclosure/2024/Jul/20](http://seclists.org/fulldisclosure/2024/Jul/20)\n- [http://seclists.org/fulldisclosure/2024/Jul/21](http://seclists.org/fulldisclosure/2024/Jul/21)\n- [http://seclists.org/fulldisclosure/2024/Jul/22](http://seclists.org/fulldisclosure/2024/Jul/22)\n- [http://seclists.org/fulldisclosure/2024/Jul/23](http://seclists.org/fulldisclosure/2024/Jul/23)\n- [http://seclists.org/fulldisclosure/2024/Jul/18](http://seclists.org/fulldisclosure/2024/Jul/18)\n- [http://seclists.org/fulldisclosure/2024/Jul/19](http://seclists.org/fulldisclosure/2024/Jul/19)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-400",
                  "deb"
                ],
                "cvssv3_baseScore": 6.5,
                "security-severity": "6.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-6190608",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-52356) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-52356](https://security-tracker.debian.org/tracker/CVE-2023-52356)\n- [https://access.redhat.com/security/cve/CVE-2023-52356](https://access.redhat.com/security/cve/CVE-2023-52356)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2251344](https://bugzilla.redhat.com/show_bug.cgi?id=2251344)\n- [https://gitlab.com/libtiff/libtiff/-/issues/622](https://gitlab.com/libtiff/libtiff/-/issues/622)\n- [https://gitlab.com/libtiff/libtiff/-/merge_requests/546](https://gitlab.com/libtiff/libtiff/-/merge_requests/546)\n- [https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html](https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html)\n- [https://support.apple.com/kb/HT214116](https://support.apple.com/kb/HT214116)\n- [https://support.apple.com/kb/HT214117](https://support.apple.com/kb/HT214117)\n- [https://support.apple.com/kb/HT214118](https://support.apple.com/kb/HT214118)\n- [https://support.apple.com/kb/HT214119](https://support.apple.com/kb/HT214119)\n- [https://support.apple.com/kb/HT214120](https://support.apple.com/kb/HT214120)\n- [https://support.apple.com/kb/HT214122](https://support.apple.com/kb/HT214122)\n- [https://support.apple.com/kb/HT214123](https://support.apple.com/kb/HT214123)\n- [https://support.apple.com/kb/HT214124](https://support.apple.com/kb/HT214124)\n- [http://seclists.org/fulldisclosure/2024/Jul/16](http://seclists.org/fulldisclosure/2024/Jul/16)\n- [http://seclists.org/fulldisclosure/2024/Jul/17](http://seclists.org/fulldisclosure/2024/Jul/17)\n- [http://seclists.org/fulldisclosure/2024/Jul/20](http://seclists.org/fulldisclosure/2024/Jul/20)\n- [http://seclists.org/fulldisclosure/2024/Jul/21](http://seclists.org/fulldisclosure/2024/Jul/21)\n- [http://seclists.org/fulldisclosure/2024/Jul/22](http://seclists.org/fulldisclosure/2024/Jul/22)\n- [http://seclists.org/fulldisclosure/2024/Jul/23](http://seclists.org/fulldisclosure/2024/Jul/23)\n- [http://seclists.org/fulldisclosure/2024/Jul/18](http://seclists.org/fulldisclosure/2024/Jul/18)\n- [http://seclists.org/fulldisclosure/2024/Jul/19](http://seclists.org/fulldisclosure/2024/Jul/19)\n- [https://access.redhat.com/errata/RHSA-2024:5079](https://access.redhat.com/errata/RHSA-2024:5079)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-6190785",
              "shortDescription": {
                "text": "Low severity - Out-of-bounds Write vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2023-52355) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nAn out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-52355](https://security-tracker.debian.org/tracker/CVE-2023-52355)\n- [https://access.redhat.com/security/cve/CVE-2023-52355](https://access.redhat.com/security/cve/CVE-2023-52355)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2251326](https://bugzilla.redhat.com/show_bug.cgi?id=2251326)\n- [https://gitlab.com/libtiff/libtiff/-/issues/621](https://gitlab.com/libtiff/libtiff/-/issues/621)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-787",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-TIFF-7642493",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in tiff"
              },
              "fullDescription": {
                "text": "(CVE-2024-7006) tiff/libtiffxx6@4.5.0-6+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `tiff` package and not the `tiff` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.\n## Remediation\nThere is no fixed version for `Debian:12` `tiff`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-7006](https://security-tracker.debian.org/tracker/CVE-2024-7006)\n- [https://access.redhat.com/security/cve/CVE-2024-7006](https://access.redhat.com/security/cve/CVE-2024-7006)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2302996](https://bugzilla.redhat.com/show_bug.cgi?id=2302996)\n- [https://access.redhat.com/errata/RHSA-2024:6360](https://access.redhat.com/errata/RHSA-2024:6360)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 7.5,
                "security-severity": "7.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-UNZIP-2387294",
              "shortDescription": {
                "text": "Low severity - NULL Pointer Dereference vulnerability in unzip"
              },
              "fullDescription": {
                "text": "(CVE-2021-4217) unzip@6.0-28"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `unzip` package and not the `unzip` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.\n## Remediation\nThere is no fixed version for `Debian:12` `unzip`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-4217](https://security-tracker.debian.org/tracker/CVE-2021-4217)\n- [https://access.redhat.com/security/cve/CVE-2021-4217](https://access.redhat.com/security/cve/CVE-2021-4217)\n- [https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077](https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077)\n- [https://bugzilla.redhat.com/show_bug.cgi?id=2044583](https://bugzilla.redhat.com/show_bug.cgi?id=2044583)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-476",
                  "deb"
                ],
                "cvssv3_baseScore": 3.3,
                "security-severity": "3.3"
              }
            },
            {
              "id": "SNYK-DEBIAN12-UTILLINUX-2401083",
              "shortDescription": {
                "text": "Low severity - Information Exposure vulnerability in util-linux"
              },
              "fullDescription": {
                "text": "(CVE-2022-0563) util-linux/libuuid1@2.38.1-5+deb12u1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `util-linux` package and not the `util-linux` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nA flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.\n## Remediation\nThere is no fixed version for `Debian:12` `util-linux`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)\n- [https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u](https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u)\n- [https://security.netapp.com/advisory/ntap-20220331-0002/](https://security.netapp.com/advisory/ntap-20220331-0002/)\n- [https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u](https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w%40ws.net.home/T/#u)\n- [https://security.gentoo.org/glsa/202401-08](https://security.gentoo.org/glsa/202401-08)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-209",
                  "deb"
                ],
                "cvssv3_baseScore": 5.5,
                "security-severity": "5.5"
              }
            },
            {
              "id": "SNYK-DEBIAN12-WGET-1562497",
              "shortDescription": {
                "text": "Low severity - Open Redirect vulnerability in wget"
              },
              "fullDescription": {
                "text": "(CVE-2021-31879) wget/wget@1.21.3-1+b2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `wget` package and not the `wget` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nGNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.\n## Remediation\nThere is no fixed version for `Debian:12` `wget`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2021-31879](https://security-tracker.debian.org/tracker/CVE-2021-31879)\n- [https://security.netapp.com/advisory/ntap-20210618-0002/](https://security.netapp.com/advisory/ntap-20210618-0002/)\n- [https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html](https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-601",
                  "deb"
                ],
                "cvssv3_baseScore": 6.1,
                "security-severity": "6.1"
              }
            },
            {
              "id": "SNYK-DEBIAN12-WGET-7266538",
              "shortDescription": {
                "text": "Low severity - Interpretation Conflict vulnerability in wget"
              },
              "fullDescription": {
                "text": "(CVE-2024-38428) wget/wget@1.21.3-1+b2"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `wget` package and not the `wget` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nurl.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.\n## Remediation\nThere is no fixed version for `Debian:12` `wget`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2024-38428](https://security-tracker.debian.org/tracker/CVE-2024-38428)\n- [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace](https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace)\n- [https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html](https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html)\n"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-436",
                  "deb"
                ],
                "cvssv3_baseScore": 9.1,
                "security-severity": "9.1"
              }
            },
            {
              "id": "SNYK-DEBIAN12-ZLIB-6008963",
              "shortDescription": {
                "text": "Critical severity - Integer Overflow or Wraparound vulnerability in zlib"
              },
              "fullDescription": {
                "text": "(CVE-2023-45853) zlib/zlib1g@1:1.2.13.dfsg-1"
              },
              "help": {
                "text": "",
                "markdown": "## NVD Description\n**_Note:_** _Versions mentioned in the description apply only to the upstream `zlib` package and not the `zlib` package as distributed by `Debian`._\n_See `How to fix?` for `Debian:12` relevant fixed versions and status._\n\nMiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.\n## Remediation\nThere is no fixed version for `Debian:12` `zlib`.\n## References\n- [https://security-tracker.debian.org/tracker/CVE-2023-45853](https://security-tracker.debian.org/tracker/CVE-2023-45853)\n- [https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356](https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356)\n- [https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61](https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61)\n- [https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4](https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4)\n- [https://github.com/madler/zlib/pull/843](https://github.com/madler/zlib/pull/843)\n- [https://www.winimage.com/zLibDll/minizip.html](https://www.winimage.com/zLibDll/minizip.html)\n- [http://www.openwall.com/lists/oss-security/2023/10/20/9](http://www.openwall.com/lists/oss-security/2023/10/20/9)\n- [https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html](https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html)\n- [https://security.netapp.com/advisory/ntap-20231130-0009/](https://security.netapp.com/advisory/ntap-20231130-0009/)\n- [https://pypi.org/project/pyminizip/#history](https://pypi.org/project/pyminizip/#history)\n- [https://security.gentoo.org/glsa/202401-18](https://security.gentoo.org/glsa/202401-18)\n- [http://www.openwall.com/lists/oss-security/2024/01/24/10](http://www.openwall.com/lists/oss-security/2024/01/24/10)\n"
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "properties": {
                "tags": [
                  "security",
                  "CWE-190",
                  "deb"
                ],
                "cvssv3_baseScore": 9.8,
                "security-severity": "9.8"
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "SNYK-DEBIAN12-AOM-5878995",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable aom package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "aom@3.6.0-1+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-AOM-6140324",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable aom package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "aom@3.6.0-1+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-APR-7833616",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable apr package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "apr@1.7.2-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-APT-1541449",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable apt package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "apt@2.6.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-BINUTILS-1542119",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable binutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "binutils@2.40-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-BINUTILS-1542166",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable binutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "binutils@2.40-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-BINUTILS-1542259",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable binutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "binutils@2.40-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-BINUTILS-1542441",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable binutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "binutils@2.40-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-BINUTILS-5422222",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable binutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "binutils@2.40-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-BINUTILS-5803143",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable binutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "binutils@2.40-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-CAIRO-1542506",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable cairo package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "cairo@1.16.0-7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-CAIRO-1542635",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable cairo package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "cairo@1.16.0-7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-CAIRO-1542674",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable cairo package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "cairo@1.16.0-7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-CAIRO-1542729",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable cairo package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "cairo@1.16.0-7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-COREUTILS-1543939",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable coreutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "coreutils@9.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-COREUTILS-1543947",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable coreutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "coreutils@9.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-CURL-6501697",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable curl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "curl@7.88.1-10+deb12u7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-CURL-7930897",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable curl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "curl@7.88.1-10+deb12u7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-DAV1D-5518047",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable dav1d package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "dav1d@1.0.0-2+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-DJVULIBRE-5858453",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable djvulibre package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "djvulibre@3.5.28-2+b1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-DJVULIBRE-5858454",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable djvulibre package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "djvulibre@3.5.28-2+b1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-ELFUTILS-6254969",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable elfutils package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "elfutils@0.188-2.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-EXPAT-6227597",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable expat package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "expat@2.5.0-1+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-EXPAT-6227603",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable expat package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "expat@2.5.0-1+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-EXPAT-6420595",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable expat package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "expat@2.5.0-1+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-EXPAT-8309094",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable expat package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "expat@2.5.0-1+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GCC12-2606941",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable gcc-12 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "gcc-12@12.2.0-14"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GCC12-5901316",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable gcc-12 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "gcc-12@12.2.0-14"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GIT-1547086",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable git package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "git@1:2.39.5-0+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GIT-2399902",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable git package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "git@1:2.39.5-0+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIB20-1547042",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glib2.0 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glib2.0@2.74.6-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1546991",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547039",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547069",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547135",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547196",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547293",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GLIBC-1547373",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable glibc package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "glibc@2.36-9+deb12u8"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GNUPG2-3330747",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable gnupg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "gnupg2@2.2.40-1.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-GNUTLS28-1547121",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable gnutls28 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "gnutls28@3.7.9-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-HARFBUZZ-3311294",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable harfbuzz package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "harfbuzz@6.0.0+dfsg-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-1548360",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-1548383",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-1548409",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-1548461",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-1548464",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-1548490",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-1548737",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-1548871",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-IMAGEMAGICK-5660573",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable imagemagick package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "imagemagick@8:6.9.11.60+dfsg-1.6+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-JANSSON-1548880",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable jansson package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "jansson@2.14-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-JBIGKIT-1549085",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable jbigkit package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "jbigkit@2.1-6.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-KRB5-1549480",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable krb5 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "krb5@1.20.1-2+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-KRB5-6277411",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable krb5 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "krb5@1.20.1-2+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-KRB5-6277412",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable krb5 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "krb5@1.20.1-2+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-KRB5-6277421",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable krb5 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "krb5@1.20.1-2+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBDE265-6672145",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libde265 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libde265@1.0.11-1+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBDE265-7411271",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libde265 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libde265@1.0.11-1+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBDE265-7411272",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libde265 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libde265@1.0.11-1+deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBGCRYPT20-1550206",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libgcrypt20 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libgcrypt20@1.10.1-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBGCRYPT20-6405981",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libgcrypt20 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libgcrypt20@1.10.1-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBHEIF-5498469",
          "level": "warning",
          "message": {
            "text": "This file introduces a vulnerable libheif package with a medium severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libheif@1.15.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBHEIF-6105360",
          "level": "error",
          "message": {
            "text": "This file introduces a vulnerable libheif package with a high severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libheif@1.15.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBHEIF-6105378",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libheif package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libheif@1.15.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBHEIF-6371532",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libheif package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libheif@1.15.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBHEIF-8224949",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libheif package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libheif@1.15.1-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBPNG16-2363910",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libpng1.6 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libpng1.6@1.6.39-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBWMF-1551191",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libwmf package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libwmf@0.2.12-5.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBWMF-1551196",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libwmf package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libwmf@0.2.12-5.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBWMF-1551197",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libwmf package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libwmf@0.2.12-5.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBWMF-1551447",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libwmf package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libwmf@0.2.12-5.1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBXML2-5871333",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libxml2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libxml2@2.9.14+dfsg-1.3~deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBXML2-5947663",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libxml2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libxml2@2.9.14+dfsg-1.3~deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBXML2-6227803",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libxml2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libxml2@2.9.14+dfsg-1.3~deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBXML2-6839382",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libxml2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libxml2@2.9.14+dfsg-1.3~deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-LIBXSLT-1551290",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable libxslt package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "libxslt@1.1.35-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-M4-1553360",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable m4 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "m4@1.4.19-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-M4-1553473",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable m4 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "m4@1.4.19-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-MARIADB-6913415",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable mariadb package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "mariadb@1:10.11.6-0+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-NCURSES-6123823",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable ncurses package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "ncurses@6.4-4"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-NCURSES-6252773",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable ncurses package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "ncurses@6.4-4"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-NGHTTP2-6541749",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable nghttp2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "nghttp2@1.52.0-1+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENEXR-1555478",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openexr package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openexr@3.1.5-5"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENEXR-6227429",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openexr package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openexr@3.1.5-5"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENEXR-6594465",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openexr package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openexr@3.1.5-5"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555599",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555605",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555606",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555618",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555638",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555659",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555684",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555859",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555862",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555866",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555892",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555911",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1555936",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1556010",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-1556013",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-7427598",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-7427599",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENJPEG2-7428269",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openjpeg2 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openjpeg2@2.5.0-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENLDAP-1555631",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openldap package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openldap@2.5.13+dfsg-5"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENLDAP-1555724",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openldap package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openldap@2.5.13+dfsg-5"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENLDAP-1555918",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openldap package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openldap@2.5.13+dfsg-5"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENLDAP-1555941",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openldap package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openldap@2.5.13+dfsg-5"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENLDAP-5660620",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openldap package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openldap@2.5.13+dfsg-5"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-1555751",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-1555766",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-1556004",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-1556046",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-1556049",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-1556053",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-1556262",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-1585651",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSH-6139205",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssh package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssh@1:9.2p1-2+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSL-7411350",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssl@3.0.14-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-OPENSSL-8229893",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable openssl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "openssl@3.0.14-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PAM-6178914",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable pam package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "pam@1.5.2-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PAM-8303301",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable pam package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "pam@1.5.2-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PATCH-1556285",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable patch package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "patch@2.7.6-7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PATCH-1556552",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable patch package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "patch@2.7.6-7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PATCH-1556555",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable patch package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "patch@2.7.6-7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PATCH-2324793",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable patch package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "patch@2.7.6-7"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PERL-1556505",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable perl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "perl@5.36.0-7+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PERL-5489184",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable perl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "perl@5.36.0-7+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PERL-5489190",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable perl package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "perl@5.36.0-7+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PIXMAN-5803155",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable pixman package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "pixman@0.42.2-1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PROCPS-5816466",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable procps package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "procps@2:4.0.2-3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PYTHON311-5430932",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable python3.11 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "python3.11@3.11.2-6+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PYTHON311-7578119",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable python3.11 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "python3.11@3.11.2-6+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PYTHON311-7707942",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable python3.11 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "python3.11@3.11.2-6+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PYTHON311-7886332",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable python3.11 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "python3.11@3.11.2-6+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-PYTHON311-8305721",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable python3.11 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "python3.11@3.11.2-6+deb12u3"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SHADOW-1559391",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable shadow package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "shadow@1:4.13+dfsg1-1+b1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SHADOW-5423923",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable shadow package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "shadow@1:4.13+dfsg1-1+b1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SHADOW-5879156",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable shadow package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "shadow@1:4.13+dfsg1-1+b1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SQLITE3-2407042",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable sqlite3 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "sqlite3@3.40.1-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SQLITE3-6139924",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable sqlite3 package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "sqlite3@3.40.1-2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SYSTEMD-1560739",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable systemd package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "systemd@252.30-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SYSTEMD-5733385",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable systemd package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "systemd@252.30-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SYSTEMD-5733390",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable systemd package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "systemd@252.30-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-SYSTEMD-5733398",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable systemd package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "systemd@252.30-1~deb12u2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TAR-1560620",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tar package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tar@1.34+dfsg-1.2+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-1560922",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-1561093",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-1561130",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-1561402",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-1561632",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-2440572",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-5416364",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-5673710",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-5747599",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-5749338",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-5750144",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-5767899",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-5773187",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-6079922",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-6084514",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-6190608",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-6190785",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-TIFF-7642493",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable tiff package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "tiff@4.5.0-6+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-UNZIP-2387294",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable unzip package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "unzip@6.0-28"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-UTILLINUX-2401083",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable util-linux package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "util-linux@2.38.1-5+deb12u1"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-WGET-1562497",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable wget package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "wget@1.21.3-1+b2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-WGET-7266538",
          "level": "note",
          "message": {
            "text": "This file introduces a vulnerable wget package with a low severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "wget@1.21.3-1+b2"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "SNYK-DEBIAN12-ZLIB-6008963",
          "level": "error",
          "message": {
            "text": "This file introduces a vulnerable zlib package with a critical severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "iuriikogan/snyk-juice-shop_v1.0.3/snyk-juice-shop"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "zlib@1:1.2.13.dfsg-1"
                }
              ]
            }
          ]
        }
      ]
    },
    {
      "tool": {
        "driver": {
          "name": "Snyk Container",
          "semanticVersion": "1.1294.0",
          "version": "1.1294.0",
          "informationUri": "https://docs.snyk.io/",
          "properties": {
            "artifactsScanned": 207
          },
          "rules": [
            {
              "id": "snyk:lic:npm:npm:Artistic-2.0",
              "shortDescription": {
                "text": "Medium severity - Artistic-2.0 license vulnerability in npm"
              },
              "fullDescription": {
                "text": "npm@10.9.0"
              },
              "help": {
                "text": "",
                "markdown": "Artistic-2.0 license"
              },
              "defaultConfiguration": {
                "level": "warning"
              },
              "properties": {
                "tags": [
                  "security",
                  "npm"
                ],
                "security-severity": "undefined"
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "snyk:lic:npm:npm:Artistic-2.0",
          "level": "warning",
          "message": {
            "text": "This file introduces a vulnerable npm package with a medium severity vulnerability."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "/usr/local/lib/node_modules"
                },
                "region": {
                  "startLine": 1
                }
              },
              "logicalLocations": [
                {
                  "fullyQualifiedName": "npm@10.9.0"
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}