Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1049591?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1049591?format=api", "purl": "pkg:deb/debian/libgd2@2.2.5-5.2", "type": "deb", "namespace": "debian", "name": "libgd2", "version": "2.2.5-5.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.3.3-9", "latest_non_vulnerable_version": "2.3.3-9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94855?format=api", "vulnerability_id": "VCID-g3zj-r8ag-a7ej", "summary": "read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3878", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39192", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39215", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39134", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39188", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39204", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39216", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3916", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39214", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39184", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.39095", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38885", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38862", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38115" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991912", "reference_id": "991912", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991912" }, { "reference_url": "https://security.archlinux.org/AVG-2258", "reference_id": "AVG-2258", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2258" }, { "reference_url": "https://usn.ubuntu.com/5068-1/", "reference_id": "USN-5068-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5068-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053054?format=api", "purl": "pkg:deb/debian/libgd2@2.3.3-9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9" } ], "aliases": [ "CVE-2021-38115" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3zj-r8ag-a7ej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93245?format=api", "vulnerability_id": "VCID-jun7-q9ts-ebfe", "summary": "In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says \"In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62107", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62123", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62116", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62155", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62205", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62222", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.6224", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62096", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62209", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62255", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62262", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62246", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.6223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62156", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00425", "scoring_system": "epss", "scoring_elements": "0.62187", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6363" }, { "reference_url": "https://usn.ubuntu.com/5068-1/", "reference_id": "USN-5068-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5068-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052412?format=api", "purl": "pkg:deb/debian/libgd2@2.3.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2" } ], "aliases": [ "CVE-2017-6363" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jun7-q9ts-ebfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94885?format=api", "vulnerability_id": "VCID-qqe4-4aja-j7dz", "summary": "gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is \"The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62337", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62326", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62333", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62317", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62342", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62226", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62293", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62312", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62302", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62281", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67494", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67515", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67458", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40145" }, { "reference_url": "https://security.archlinux.org/AVG-2258", "reference_id": "AVG-2258", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2258" }, { "reference_url": "https://usn.ubuntu.com/5068-1/", "reference_id": "USN-5068-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5068-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053054?format=api", "purl": "pkg:deb/debian/libgd2@2.3.3-9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9" } ], "aliases": [ "CVE-2021-40145" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqe4-4aja-j7dz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94909?format=api", "vulnerability_id": "VCID-s83u-wk4f-wkfd", "summary": "The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40812", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32541", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32929", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32903", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32944", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32922", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32885", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32738", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32623", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32895", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.33025", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.33058", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32888", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32935", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32964", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32967", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40812" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40812", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40812" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9", "reference_id": "6f5136821be86e7068fcdf651ae9420b5d42e9a9", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/" } ], "url": "https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9" }, { "reference_url": "https://github.com/libgd/libgd/issues/750#issuecomment-914872385", "reference_id": "750#issuecomment-914872385", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/" } ], "url": "https://github.com/libgd/libgd/issues/750#issuecomment-914872385" }, { "reference_url": "https://security.archlinux.org/AVG-2258", "reference_id": "AVG-2258", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2258" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html" }, { "reference_url": "https://usn.ubuntu.com/7112-1/", "reference_id": "USN-7112-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7112-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053054?format=api", "purl": "pkg:deb/debian/libgd2@2.3.3-9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9" } ], "aliases": [ "CVE-2021-40812" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s83u-wk4f-wkfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81713?format=api", "vulnerability_id": "VCID-zp5r-wjhe-u7b3", "summary": "gd: NULL pointer dereference in gdImageClone", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14553.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14553.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76696", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.767", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76729", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76711", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76743", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76782", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76762", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76795", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.768", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76791", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76823", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.7683", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00979", "scoring_system": "epss", "scoring_elements": "0.76841", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600727", "reference_id": "1600727", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600727" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287", "reference_id": "951287", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4659", "reference_id": "RHSA-2020:4659", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4659" }, { "reference_url": "https://usn.ubuntu.com/4316-1/", "reference_id": "USN-4316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4316-1/" }, { "reference_url": "https://usn.ubuntu.com/4316-2/", "reference_id": "USN-4316-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4316-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052412?format=api", "purl": "pkg:deb/debian/libgd2@2.3.0-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2" } ], "aliases": [ "CVE-2018-14553" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zp5r-wjhe-u7b3" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72442?format=api", "vulnerability_id": "VCID-3bce-bp4m-3bcy", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61448", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61424", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61463", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61467", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61451", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61439", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61453", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01378", "scoring_system": "epss", "scoring_elements": "0.8022", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01378", "scoring_system": "epss", "scoring_elements": "0.80248", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01378", "scoring_system": "epss", "scoring_elements": "0.80259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01378", "scoring_system": "epss", "scoring_elements": "0.80277", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01378", "scoring_system": "epss", "scoring_elements": "0.80262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01378", "scoring_system": "epss", "scoring_elements": "0.80204", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01378", "scoring_system": "epss", "scoring_elements": "0.80212", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01378", "scoring_system": "epss", "scoring_elements": "0.80232", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgd/libgd/issues/381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgd/libgd/issues/381" }, { "reference_url": "https://github.com/libgd/libgd/releases/tag/gd-2.2.5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgd/libgd/releases/tag/gd-2.2.5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N2BLXX7KNRE7ZVQAKGTHHWS33CUCXVUP/" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3961", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3961" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489842", "reference_id": "1489842", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489842" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgd:libgd:2.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6362", "reference_id": "CVE-2017-6362", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6362" }, { "reference_url": "https://usn.ubuntu.com/3410-1/", "reference_id": "USN-3410-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3410-1/" }, { "reference_url": "https://usn.ubuntu.com/3410-2/", "reference_id": "USN-3410-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3410-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035839?format=api", "purl": "pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pj7-5gy9-97f7" }, { "vulnerability": "VCID-34yj-pb2j-5faa" }, { "vulnerability": "VCID-3bce-bp4m-3bcy" }, { "vulnerability": "VCID-3v99-kbeq-47d8" }, { "vulnerability": "VCID-4eyx-7fmr-r7dm" }, { "vulnerability": "VCID-6xda-97rd-9bam" }, { "vulnerability": "VCID-6ysv-9bmx-w7df" }, { "vulnerability": "VCID-75xx-y3xu-cqe2" }, { "vulnerability": "VCID-7rvx-8x2z-7kdm" }, { "vulnerability": "VCID-9zks-j1fv-ukew" }, { "vulnerability": "VCID-b878-mmfs-e3g1" }, { "vulnerability": "VCID-cr4d-8dhn-gkgq" }, { "vulnerability": "VCID-fcm8-f9e6-83b4" }, { "vulnerability": "VCID-fwyg-v128-k7c9" }, { "vulnerability": "VCID-g1b8-dkd3-j3a2" }, { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-habv-tr8c-rucd" }, { "vulnerability": "VCID-hwys-fv79-b7d8" }, { "vulnerability": "VCID-jhzv-9ey6-gkdz" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-k6qv-tnq5-ybd7" }, { "vulnerability": "VCID-ku2g-q6cg-ayhc" }, { "vulnerability": "VCID-m3ve-pf4u-9qhh" }, { "vulnerability": "VCID-pnee-e13t-57a2" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-r7yv-ryzk-z3e8" }, { "vulnerability": "VCID-s33d-rhg8-wqej" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-sszm-mvm2-m7ee" }, { "vulnerability": "VCID-tfaf-hb2s-fyb9" }, { "vulnerability": "VCID-vya2-pzx7-m7c1" }, { "vulnerability": "VCID-x14b-aaj3-nyed" }, { "vulnerability": "VCID-x635-b1cj-m7d7" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036906?format=api", "purl": "pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3bce-bp4m-3bcy" }, { "vulnerability": "VCID-3v99-kbeq-47d8" }, { "vulnerability": "VCID-6xda-97rd-9bam" }, { "vulnerability": "VCID-6ysv-9bmx-w7df" }, { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-r7yv-ryzk-z3e8" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-sszm-mvm2-m7ee" }, { "vulnerability": "VCID-x635-b1cj-m7d7" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049591?format=api", "purl": "pkg:deb/debian/libgd2@2.2.5-5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2" } ], "aliases": [ "CVE-2017-6362" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3bce-bp4m-3bcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61526?format=api", "vulnerability_id": "VCID-3v99-kbeq-47d8", "summary": "Multiple vulnerabilities have been found in GD, the worst of which\n could result in the remote execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5711.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5711.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5711", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.91953", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.92001", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.92002", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.92006", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.91961", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.91969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.91975", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.91988", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.91991", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.91994", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.91993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.9199", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.92008", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07835", "scoring_system": "epss", "scoring_elements": "0.92005", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16642", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16642" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535246", "reference_id": "1535246", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535246" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887485", "reference_id": "887485", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887485" }, { "reference_url": "https://security.archlinux.org/AVG-865", "reference_id": "AVG-865", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-865" }, { "reference_url": "https://security.gentoo.org/glsa/201903-18", "reference_id": "GLSA-201903-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1296", "reference_id": "RHSA-2018:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2519", "reference_id": "RHSA-2019:2519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2519" }, { "reference_url": "https://usn.ubuntu.com/3755-1/", "reference_id": "USN-3755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3755-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049591?format=api", "purl": "pkg:deb/debian/libgd2@2.2.5-5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2" } ], "aliases": [ "CVE-2018-5711" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3v99-kbeq-47d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61527?format=api", "vulnerability_id": "VCID-6xda-97rd-9bam", "summary": "Multiple vulnerabilities have been found in GD, the worst of which\n could result in the remote execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html" }, { "reference_url": "http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html" }, { "reference_url": "http://php.net/ChangeLog-5.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://php.net/ChangeLog-5.php" }, { "reference_url": "http://php.net/ChangeLog-7.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://php.net/ChangeLog-7.php" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.99399", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.9941", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.99405", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.99408", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.99407", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.99409", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.994", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.99402", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.99403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.863", "scoring_system": "epss", "scoring_elements": "0.99404", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6977" }, { "reference_url": "https://bugs.php.net/bug.php?id=77270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.php.net/bug.php?id=77270" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190315-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190315-0003/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4384" }, { "reference_url": "https://www.exploit-db.com/exploits/46677/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46677/" }, { "reference_url": "http://www.securityfocus.com/bid/106731", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106731" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672207", "reference_id": "1672207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672207" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920645", "reference_id": "920645", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920645" }, { "reference_url": "https://security.archlinux.org/AVG-865", "reference_id": "AVG-865", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-865" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:php:php:7.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:7.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/cfreal/exploits/blob/1a671d1d8510e93a0b2607261e9b779562585fe2/CVE-2019-6977-imagecolormatch/exploit.php", "reference_id": "CVE-2019-6977", "reference_type": "exploit", "scores": [], "url": "https://github.com/cfreal/exploits/blob/1a671d1d8510e93a0b2607261e9b779562585fe2/CVE-2019-6977-imagecolormatch/exploit.php" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46677.php", "reference_id": "CVE-2019-6977", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46677.php" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6977", "reference_id": "CVE-2019-6977", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6977" }, { "reference_url": "https://security.gentoo.org/glsa/201903-18", "reference_id": "GLSA-201903-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2519", "reference_id": "RHSA-2019:2519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3299", "reference_id": "RHSA-2019:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4659", "reference_id": "RHSA-2020:4659", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4659" }, { "reference_url": "https://usn.ubuntu.com/3900-1/", "reference_id": "USN-3900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3900-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036906?format=api", "purl": "pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3bce-bp4m-3bcy" }, { "vulnerability": "VCID-3v99-kbeq-47d8" }, { "vulnerability": "VCID-6xda-97rd-9bam" }, { "vulnerability": "VCID-6ysv-9bmx-w7df" }, { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-r7yv-ryzk-z3e8" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-sszm-mvm2-m7ee" }, { "vulnerability": "VCID-x635-b1cj-m7d7" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049591?format=api", "purl": "pkg:deb/debian/libgd2@2.2.5-5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2" } ], "aliases": [ "CVE-2019-6977" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xda-97rd-9bam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72904?format=api", "vulnerability_id": "VCID-6ysv-9bmx-w7df", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7890.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7890.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25333", "scoring_system": "epss", "scoring_elements": "0.96165", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.25333", "scoring_system": "epss", "scoring_elements": "0.96201", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.25333", "scoring_system": "epss", "scoring_elements": "0.96173", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.25333", "scoring_system": "epss", "scoring_elements": "0.96181", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.25333", "scoring_system": "epss", "scoring_elements": "0.96183", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.25333", "scoring_system": "epss", "scoring_elements": "0.96193", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.25333", "scoring_system": "epss", "scoring_elements": "0.96196", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.25333", "scoring_system": "epss", "scoring_elements": "0.962", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.28056", "scoring_system": "epss", "scoring_elements": "0.96482", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.28056", "scoring_system": "epss", "scoring_elements": "0.96486", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.28056", "scoring_system": "epss", "scoring_elements": "0.96475", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.28056", "scoring_system": "epss", "scoring_elements": "0.96487", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.30217", "scoring_system": "epss", "scoring_elements": "0.96695", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.30217", "scoring_system": "epss", "scoring_elements": "0.96696", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.30217", "scoring_system": "epss", "scoring_elements": "0.96692", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473822", "reference_id": "1473822", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473822" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869263", "reference_id": "869263", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0406", "reference_id": "RHSA-2018:0406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1296", "reference_id": "RHSA-2018:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1296" }, { "reference_url": "https://usn.ubuntu.com/3389-1/", "reference_id": "USN-3389-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3389-1/" }, { "reference_url": "https://usn.ubuntu.com/3389-2/", "reference_id": "USN-3389-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3389-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035839?format=api", "purl": "pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pj7-5gy9-97f7" }, { "vulnerability": "VCID-34yj-pb2j-5faa" }, { "vulnerability": "VCID-3bce-bp4m-3bcy" }, { "vulnerability": "VCID-3v99-kbeq-47d8" }, { "vulnerability": "VCID-4eyx-7fmr-r7dm" }, { "vulnerability": "VCID-6xda-97rd-9bam" }, { "vulnerability": "VCID-6ysv-9bmx-w7df" }, { "vulnerability": "VCID-75xx-y3xu-cqe2" }, { "vulnerability": "VCID-7rvx-8x2z-7kdm" }, { "vulnerability": "VCID-9zks-j1fv-ukew" }, { "vulnerability": "VCID-b878-mmfs-e3g1" }, { "vulnerability": "VCID-cr4d-8dhn-gkgq" }, { "vulnerability": "VCID-fcm8-f9e6-83b4" }, { "vulnerability": "VCID-fwyg-v128-k7c9" }, { "vulnerability": "VCID-g1b8-dkd3-j3a2" }, { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-habv-tr8c-rucd" }, { "vulnerability": "VCID-hwys-fv79-b7d8" }, { "vulnerability": "VCID-jhzv-9ey6-gkdz" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-k6qv-tnq5-ybd7" }, { "vulnerability": "VCID-ku2g-q6cg-ayhc" }, { "vulnerability": "VCID-m3ve-pf4u-9qhh" }, { "vulnerability": "VCID-pnee-e13t-57a2" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-r7yv-ryzk-z3e8" }, { "vulnerability": "VCID-s33d-rhg8-wqej" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-sszm-mvm2-m7ee" }, { "vulnerability": "VCID-tfaf-hb2s-fyb9" }, { "vulnerability": "VCID-vya2-pzx7-m7c1" }, { "vulnerability": "VCID-x14b-aaj3-nyed" }, { "vulnerability": "VCID-x635-b1cj-m7d7" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036906?format=api", "purl": "pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3bce-bp4m-3bcy" }, { "vulnerability": "VCID-3v99-kbeq-47d8" }, { "vulnerability": "VCID-6xda-97rd-9bam" }, { "vulnerability": "VCID-6ysv-9bmx-w7df" }, { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-r7yv-ryzk-z3e8" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-sszm-mvm2-m7ee" }, { "vulnerability": "VCID-x635-b1cj-m7d7" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049591?format=api", "purl": "pkg:deb/debian/libgd2@2.2.5-5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2" } ], "aliases": [ "CVE-2017-7890" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ysv-9bmx-w7df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61525?format=api", "vulnerability_id": "VCID-r7yv-ryzk-z3e8", "summary": "Multiple vulnerabilities have been found in GD, the worst of which\n could result in the remote execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000222.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000222.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75716", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75671", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75675", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.7566", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75699", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75704", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75588", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75623", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75633", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.75658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00897", "scoring_system": "epss", "scoring_elements": "0.7564", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01215", "scoring_system": "epss", "scoring_elements": "0.78981", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01215", "scoring_system": "epss", "scoring_elements": "0.79007", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01215", "scoring_system": "epss", "scoring_elements": "0.78975", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1621953", "reference_id": "1621953", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1621953" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906886", "reference_id": "906886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906886" }, { "reference_url": "https://security.archlinux.org/AVG-865", "reference_id": "AVG-865", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-865" }, { "reference_url": "https://security.gentoo.org/glsa/201903-18", "reference_id": "GLSA-201903-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-18" }, { "reference_url": "https://usn.ubuntu.com/3755-1/", "reference_id": "USN-3755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3755-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049591?format=api", "purl": "pkg:deb/debian/libgd2@2.2.5-5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2" } ], "aliases": [ "CVE-2018-1000222" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7yv-ryzk-z3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79067?format=api", "vulnerability_id": "VCID-sszm-mvm2-m7ee", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11038", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93291", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93293", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93299", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93295", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93249", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93248", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93256", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93261", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93262", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93264", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93282", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.1054", "scoring_system": "epss", "scoring_elements": "0.93287", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.10719", "scoring_system": "epss", "scoring_elements": "0.93303", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10719", "scoring_system": "epss", "scoring_elements": "0.93295", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149", "reference_id": "1724149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1724149" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821", "reference_id": "929821", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2519", "reference_id": "RHSA-2019:2519", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2519" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3299", "reference_id": "RHSA-2019:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3299" }, { "reference_url": "https://usn.ubuntu.com/4316-1/", "reference_id": "USN-4316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4316-1/" }, { "reference_url": "https://usn.ubuntu.com/4316-2/", "reference_id": "USN-4316-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4316-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049591?format=api", "purl": "pkg:deb/debian/libgd2@2.2.5-5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2" } ], "aliases": [ "CVE-2019-11038" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sszm-mvm2-m7ee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61528?format=api", "vulnerability_id": "VCID-x635-b1cj-m7d7", "summary": "Multiple vulnerabilities have been found in GD, the worst of which\n could result in the remote execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6978.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6978.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.8545", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.85512", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.8548", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.85483", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.85503", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.85526", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.85525", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.85521", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.85545", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.8555", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02564", "scoring_system": "epss", "scoring_elements": "0.85463", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03442", "scoring_system": "epss", "scoring_elements": "0.8752", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03442", "scoring_system": "epss", "scoring_elements": "0.87527", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03442", "scoring_system": "epss", "scoring_elements": "0.87526", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03442", "scoring_system": "epss", "scoring_elements": "0.87504", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6978" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0" }, { "reference_url": "https://github.com/libgd/libgd/issues/492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libgd/libgd/issues/492" }, { "reference_url": "https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/php/php-src/commit/089f7c0bc28d399b0420aa6ef058e4c1c120b2ae" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4384" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671390", "reference_id": "1671390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671390" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728", "reference_id": "920728", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728" }, { "reference_url": "https://security.archlinux.org/AVG-865", "reference_id": "AVG-865", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-865" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libgd:libgd:2.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6978", "reference_id": "CVE-2019-6978", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6978" }, { "reference_url": "https://security.gentoo.org/glsa/201903-18", "reference_id": "GLSA-201903-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2722", "reference_id": "RHSA-2019:2722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3943", "reference_id": "RHSA-2020:3943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4659", "reference_id": "RHSA-2020:4659", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4659" }, { "reference_url": "https://usn.ubuntu.com/3900-1/", "reference_id": "USN-3900-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3900-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036906?format=api", "purl": "pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3bce-bp4m-3bcy" }, { "vulnerability": "VCID-3v99-kbeq-47d8" }, { "vulnerability": "VCID-6xda-97rd-9bam" }, { "vulnerability": "VCID-6ysv-9bmx-w7df" }, { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-r7yv-ryzk-z3e8" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-sszm-mvm2-m7ee" }, { "vulnerability": "VCID-x635-b1cj-m7d7" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049591?format=api", "purl": "pkg:deb/debian/libgd2@2.2.5-5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-g3zj-r8ag-a7ej" }, { "vulnerability": "VCID-jun7-q9ts-ebfe" }, { "vulnerability": "VCID-qqe4-4aja-j7dz" }, { "vulnerability": "VCID-s83u-wk4f-wkfd" }, { "vulnerability": "VCID-zp5r-wjhe-u7b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2" } ], "aliases": [ "CVE-2019-6978" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x635-b1cj-m7d7" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2" }