Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/20513?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/20513?format=api", "purl": "pkg:nuget/libpng@1.6.0", "type": "nuget", "namespace": "", "name": "libpng", "version": "1.6.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7052?format=api", "vulnerability_id": "VCID-3ggs-vja8-r3de", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nBuffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0973.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83617", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.8363", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83646", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.8367", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83694", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83687", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83683", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83718", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83719", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83744", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83752", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83758", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/10/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177327", "reference_id": "1177327", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177327" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/10/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "reference_url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/", "reference_id": "33173461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "reference_url": "http://secunia.com/advisories/62725", "reference_id": "62725", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://secunia.com/advisories/62725" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823", "reference_id": "773823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673", "reference_id": "775673", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0973", "reference_id": "CVE-2015-0973", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0973" }, { "reference_url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt", "reference_id": "libpng_heap_overflow_1.6.15.txt", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240719-0005/", "reference_id": "ntap-20240719-0005", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240719-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2015-0973" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ggs-vja8-r3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7199?format=api", "vulnerability_id": "VCID-cu24-1rcd-93g3", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nMultiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.", "references": [ { "reference_url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172324.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172620.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172647.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172663.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172769.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172797.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172823.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177344.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177382.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00033.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00015.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00018.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00159.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00160.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00062.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00029.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00030.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8126.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91821", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91825", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91765", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91773", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91787", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.918", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91806", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91809", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91811", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91807", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91827", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91819", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.9182", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07516", "scoring_system": "epss", "scoring_elements": "0.91826", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8126" }, { "reference_url": "https://code.google.com/p/chromium/issues/detail?id=560291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://code.google.com/p/chromium/issues/detail?id=560291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1632", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1632" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1634", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1637" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1638", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1638" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1639", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1639" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1642", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1642" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2845" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148" }, { "reference_url": "https://support.apple.com/HT206167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT206167" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3399", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2015/dsa-3399" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3507", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3507" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/11/12/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/11/12/2" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://www.securityfocus.com/bid/77568", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/77568" }, { "reference_url": "http://www.securitytracker.com/id/1034142", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034142" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2815-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2815-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281756", "reference_id": "1281756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281756" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update65:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update65:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8126", "reference_id": "CVE-2015-8126", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8126" }, { "reference_url": "https://security.gentoo.org/glsa/201603-09", "reference_id": "GLSA-201603-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201603-09" }, { "reference_url": "https://security.gentoo.org/glsa/201611-08", "reference_id": "GLSA-201611-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2594", "reference_id": "RHSA-2015:2594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2595", "reference_id": "RHSA-2015:2595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2596", "reference_id": "RHSA-2015:2596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0055", "reference_id": "RHSA-2016:0055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0056", "reference_id": "RHSA-2016:0056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0057", "reference_id": "RHSA-2016:0057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0098", "reference_id": "RHSA-2016:0098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0099", "reference_id": "RHSA-2016:0099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0100", "reference_id": "RHSA-2016:0100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0101", "reference_id": "RHSA-2016:0101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1430", "reference_id": "RHSA-2016:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "reference_url": "https://usn.ubuntu.com/2815-1/", "reference_id": "USN-2815-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2815-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/21264?format=api", "purl": "pkg:nuget/libpng@1.6.19.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.19.1" } ], "aliases": [ "CVE-2015-8126" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cu24-1rcd-93g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6891?format=api", "vulnerability_id": "VCID-had5-3tnv-k3hm", "summary": "Uncontrolled Resource Consumption\nThe png_do_expand_palette function in libpng allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6954.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87629", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.8764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87652", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87653", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87675", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87681", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87687", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87684", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87699", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.877", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87696", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87715", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.8772", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03546", "scoring_system": "epss", "scoring_elements": "0.87719", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561", "reference_id": "1045561", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045561" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html", "reference_id": "127947.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html", "reference_id": "127952.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html", "reference_id": "128098.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html", "reference_id": "128099.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html", "reference_id": "128114.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html" }, { "reference_url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/", "reference_id": "1.6.8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/" }, { "reference_url": "http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c", "reference_id": "1faa6ff32c648acfe3cf30a58d31d7aebc24968c", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c" }, { "reference_url": "http://secunia.com/advisories/58974", "reference_id": "58974", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://secunia.com/advisories/58974" }, { "reference_url": "http://secunia.com/advisories/59058", "reference_id": "59058", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://secunia.com/advisories/59058" }, { "reference_url": "http://www.securityfocus.com/bid/64493", "reference_id": "64493", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://www.securityfocus.com/bid/64493" }, { "reference_url": "http://www.kb.cert.org/vuls/id/650142", "reference_id": "650142", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://www.kb.cert.org/vuls/id/650142" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:035", "reference_id": "advisories?name=MDVSA-2014:035", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:035" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6954", "reference_id": "CVE-2013-6954", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6954" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", "reference_id": "docview.wss?uid=swg21672080", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" }, { "reference_url": "https://www.ibm.com/support/docview.wss?uid=swg21675973", "reference_id": "docview.wss?uid=swg21675973", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "https://www.ibm.com/support/docview.wss?uid=swg21675973" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", "reference_id": "docview.wss?uid=swg21676746", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "http://advisories.mageia.org/MGASA-2014-0075.html", "reference_id": "MGASA-2014-0075.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://advisories.mageia.org/MGASA-2014-0075.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html", "reference_id": "msg00071.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0412", "reference_id": "RHSA-2014:0412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0413", "reference_id": "RHSA-2014:0413", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2014:0413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0486", "reference_id": "RHSA-2014:0486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0508", "reference_id": "RHSA-2014:0508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0705", "reference_id": "RHSA-2014:0705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0705" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0982", "reference_id": "RHSA-2014:0982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0982" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2013-6954" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-had5-3tnv-k3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7047?format=api", "vulnerability_id": "VCID-mxh6-rpb3-tbbq", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87524", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87547", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87549", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87568", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87586", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87593", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87592", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.8761", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87617", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87615", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/10/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "reference_url": "http://www.securitytracker.com/id/1031444", "reference_id": "1031444", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.securitytracker.com/id/1031444" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179186", "reference_id": "1179186", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179186" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/04/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/10/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "reference_url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/", "reference_id": "33172831", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/" }, { "reference_url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/", "reference_id": "33173461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "reference_url": "http://secunia.com/advisories/62725", "reference_id": "62725", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://secunia.com/advisories/62725" }, { "reference_url": "http://www.securityfocus.com/bid/71820", "reference_id": "71820", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.securityfocus.com/bid/71820" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823", "reference_id": "773823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824", "reference_id": "773824", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9495", "reference_id": "CVE-2014-9495", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9495" }, { "reference_url": "https://security.gentoo.org/glsa/201502-10", "reference_id": "GLSA-201502-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2014-9495" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxh6-rpb3-tbbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6907?format=api", "vulnerability_id": "VCID-nhbw-6tpy-pbh3", "summary": "Uncontrolled Resource Consumption\nThe png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73361", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73371", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73395", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73417", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.7344", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.7342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73412", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73454", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73462", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73456", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73489", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73501", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73499", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070985", "reference_id": "1070985", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070985" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0333", "reference_id": "CVE-2014-0333", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0333" }, { "reference_url": "https://security.gentoo.org/glsa/201408-06", "reference_id": "GLSA-201408-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2014-0333" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbw-6tpy-pbh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82463?format=api", "vulnerability_id": "VCID-vhp1-5zpy-rfdt", "summary": "libpng: hardcoded value leads to heap-overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4214.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32438", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32583", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32619", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32442", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32518", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32521", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32483", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32457", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32492", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3247", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.44793", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46137", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46145", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4214" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/glennrp/libpng/issues/302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/glennrp/libpng/issues/302" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043393", "reference_id": "2043393", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043393" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-4214", "reference_id": "CVE-2021-4214", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2021-4214" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4214", "reference_id": "CVE-2021-4214", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4214" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2021-4214", "reference_id": "CVE-2021-4214", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2021-4214" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2021-4214" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhp1-5zpy-rfdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7800?format=api", "vulnerability_id": "VCID-zetn-zwnv-u7gf", "summary": "NULL Pointer Dereference\nThe png_set_text_2 function in libpng allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75969", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76115", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76055", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76094", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76104", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75972", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76004", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75983", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76016", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76031", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76032", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76027", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76071", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409617", "reference_id": "1409617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409617" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799", "reference_id": "849799", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799" }, { "reference_url": "https://security.archlinux.org/ASA-201701-2", "reference_id": "ASA-201701-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-2" }, { "reference_url": "https://security.archlinux.org/ASA-201701-5", "reference_id": "ASA-201701-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-5" }, { "reference_url": "https://security.archlinux.org/AVG-119", "reference_id": "AVG-119", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-119" }, { "reference_url": "https://security.archlinux.org/AVG-120", "reference_id": "AVG-120", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-120" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10087", "reference_id": "CVE-2016-10087", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10087" }, { "reference_url": "https://security.gentoo.org/glsa/201701-74", "reference_id": "GLSA-201701-74", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-74" }, { "reference_url": "https://usn.ubuntu.com/3712-1/", "reference_id": "USN-3712-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3712-1/" }, { "reference_url": "https://usn.ubuntu.com/3712-2/", "reference_id": "USN-3712-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3712-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/160086?format=api", "purl": "pkg:nuget/libpng@1.6.26.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8g2j-rqsk-zqfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.26.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23839?format=api", "purl": "pkg:nuget/libpng@1.6.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8g2j-rqsk-zqfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.28.1" } ], "aliases": [ "CVE-2016-10087" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zetn-zwnv-u7gf" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.0" }