What happened:
python3-setuptools detected with two versions:
66.1.1 from syft
/usr/lib/python3/dist-packages/setuptools-66.1.1.egg-info/top_level.txt
/usr/lib/python3/dist-packages/setuptools-66.1.1.egg-info/PKG-INFO

66.1.1-1+deb12u1 from syft
/var/lib/dpkg/info/python3-setuptools.list
/var/lib/dpkg/info/python3-setuptools.prerm
/usr/share/doc/python3-setuptools/copyright
/var/lib/dpkg/info/python3-setuptools.md5sums
/var/lib/dpkg/info/python3-setuptools.postinst
/var/lib/dpkg/status

What you expected to happen:
Only version 66.1.1-1+deb12u1 to appear

Steps to reproduce the issue:
Download/install python3-setuptools 66.1.1-1+deb12u1 in a debian 12 container and scan

Anything else we need to know?:
dpkg know ALL of the files installed - you can use that list to correlate two different kinds of detections and merge them

Environment:

• Output of syft version: 1.18.0
• OS (e.g: cat /etc/os-release or similar): debian 12