Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/6389?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6389?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.28-1%2Bdeb9u1", "type": "deb", "namespace": "debian", "name": "libpng1.6", "version": "1.6.28-1+deb9u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.48-1+deb13u5", "latest_non_vulnerable_version": "1.6.48-1+deb13u5", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64259?format=api", "vulnerability_id": "VCID-14x7-f34b-5uhr", "summary": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0776", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07821", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07834", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07806", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33416" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012", "reference_id": "1132012", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", "reference_id": "23019269764e35ed8458e517f1897bd3c54820eb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "reference_id": "2451805", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "reference_id": "7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/824", "reference_id": "824", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/824" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "reference_id": "a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "reference_id": "c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", "reference_id": "GHSA-m4pc-p4q3-4c7j", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11805", "reference_id": "RHSA-2026:11805", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11805" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11813", "reference_id": "RHSA-2026:11813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12264", "reference_id": "RHSA-2026:12264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13342", "reference_id": "RHSA-2026:13342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13412", "reference_id": "RHSA-2026:13412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13533", "reference_id": "RHSA-2026:13533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13582", "reference_id": "RHSA-2026:13582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13583", "reference_id": "RHSA-2026:13583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13596", "reference_id": "RHSA-2026:13596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13600", "reference_id": "RHSA-2026:13600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13600" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13665", "reference_id": "RHSA-2026:13665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13682", "reference_id": "RHSA-2026:13682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13683", "reference_id": "RHSA-2026:13683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13922", "reference_id": "RHSA-2026:13922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13977", "reference_id": "RHSA-2026:13977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14223", "reference_id": "RHSA-2026:14223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14303", "reference_id": "RHSA-2026:14303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15889", "reference_id": "RHSA-2026:15889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:15889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18028", "reference_id": "RHSA-2026:18028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18064", "reference_id": "RHSA-2026:18064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20548", "reference_id": "RHSA-2026:20548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20549", "reference_id": "RHSA-2026:20549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20550", "reference_id": "RHSA-2026:20550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20551", "reference_id": "RHSA-2026:20551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:20551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://usn.ubuntu.com/8251-1/", "reference_id": "USN-8251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8251-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2026-33416" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14x7-f34b-5uhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68382?format=api", "vulnerability_id": "VCID-5eh1-34nq-tff3", "summary": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13472", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13595", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.136", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13558", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443", "reference_id": "1125443", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_id": "218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "reference_id": "2428825", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/778", "reference_id": "778", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/778" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", "reference_id": "e4f7ad4ea2", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", "reference_id": "GHSA-mmq5-27w3-rxpp", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12274", "reference_id": "RHSA-2026:12274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2026-22695" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5eh1-34nq-tff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40093?format=api", "vulnerability_id": "VCID-5smk-e43v-2uhu", "summary": "Improper Handling of Exceptional Conditions\nAn issue has been found in libpng It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73404", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73441", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.7342", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73446", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73433", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608073", "reference_id": "1608073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608073" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14048", "reference_id": "CVE-2018-14048", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14048" }, { "reference_url": "https://usn.ubuntu.com/5432-1/", "reference_id": "USN-5432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5432-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5432-2/", "reference_id": "USN-USN-5432-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5432-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196160?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14x7-f34b-5uhr" }, { "vulnerability": "VCID-5eh1-34nq-tff3" }, { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-5rgq-xe5s-kkfc" }, { "vulnerability": "VCID-8fz1-8ztk-6ffz" }, { "vulnerability": "VCID-8gsp-rmdb-qfcn" }, { "vulnerability": "VCID-9snm-6n9z-kqam" }, { "vulnerability": "VCID-bcp5-yseg-gbgu" }, { "vulnerability": "VCID-gk3z-6dp9-73cd" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" }, { "vulnerability": "VCID-jax5-tqk4-vucd" }, { "vulnerability": "VCID-qk2z-8x43-7khw" }, { "vulnerability": "VCID-sb2a-mfgz-jfgt" }, { "vulnerability": "VCID-t5q5-b39g-t7hv" }, { "vulnerability": "VCID-v1ke-1b43-byhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3" } ], "aliases": [ "CVE-2018-14048" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5smk-e43v-2uhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71899?format=api", "vulnerability_id": "VCID-8fz1-8ztk-6ffz", "summary": "libpng: LIBPNG heap buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20435", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20557", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20543", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216", "reference_id": "1121216", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d", "reference_id": "16b5e3823918840aae65c0a6da57c78a5a496a4d", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_id": "218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "reference_id": "2416907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/755", "reference_id": "755", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/755" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/757", "reference_id": "757", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/757" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g", "reference_id": "GHSA-7wv6-48j4-hj3g", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g" }, { "reference_url": "https://security.gentoo.org/glsa/202511-06", "reference_id": "GLSA-202511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0125", "reference_id": "RHSA-2026:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0210", "reference_id": "RHSA-2026:0210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0211", "reference_id": "RHSA-2026:0211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0212", "reference_id": "RHSA-2026:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0216", "reference_id": "RHSA-2026:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0234", "reference_id": "RHSA-2026:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0237", "reference_id": "RHSA-2026:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0238", "reference_id": "RHSA-2026:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0241", "reference_id": "RHSA-2026:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0313", "reference_id": "RHSA-2026:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0321", "reference_id": "RHSA-2026:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0322", "reference_id": "RHSA-2026:0322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0323", "reference_id": "RHSA-2026:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://usn.ubuntu.com/7924-1/", "reference_id": "USN-7924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7924-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2025-65018" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fz1-8ztk-6ffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71944?format=api", "vulnerability_id": "VCID-8gsp-rmdb-qfcn", "summary": "libpng: LIBPNG heap buffer over-read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05864", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05916", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05907", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05909", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218", "reference_id": "1121218", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416906", "reference_id": "2416906", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416906" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821", "reference_id": "2bd84c019c300b78e811743fbcddb67c9d9bf821", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/749", "reference_id": "749", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/749" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6", "reference_id": "GHSA-qpr4-xm66-hww6", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6" }, { "reference_url": "https://security.gentoo.org/glsa/202511-06", "reference_id": "GLSA-202511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://usn.ubuntu.com/7924-1/", "reference_id": "USN-7924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7924-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2025-64506" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gsp-rmdb-qfcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71945?format=api", "vulnerability_id": "VCID-9snm-6n9z-kqam", "summary": "libpng: LIBPNG heap buffer overflow via malformed palette index", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02461", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02532", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02534", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02477", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219", "reference_id": "1121219", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416905", "reference_id": "2416905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416905" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37", "reference_id": "6a528eb5fd0dd7f6de1c39d30de0e41473431c37", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/748", "reference_id": "748", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/748" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42", "reference_id": "GHSA-4952-h5wq-4m42", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42" }, { "reference_url": "https://security.gentoo.org/glsa/202511-06", "reference_id": "GLSA-202511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://usn.ubuntu.com/7924-1/", "reference_id": "USN-7924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7924-1/" }, { "reference_url": "https://usn.ubuntu.com/8081-1/", "reference_id": "USN-8081-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8081-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2025-64505" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9snm-6n9z-kqam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62953?format=api", "vulnerability_id": "VCID-bcp5-yseg-gbgu", "summary": "libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34757", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00475", "published_at": "2026-06-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0048", "published_at": "2026-06-05T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00482", "published_at": "2026-06-06T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00479", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051", "reference_id": "1133051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456918", "reference_id": "2456918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456918" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", "reference_id": "398cbe3df03f4e11bb031e07f416dfdde3684e8a", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", "reference_id": "55d20aaa322c9274491cda82c5cd4f99b48c6bcc", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/836", "reference_id": "836", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/836" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/837", "reference_id": "837", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/837" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", "reference_id": "GHSA-6fr7-g8h7-v645", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13719", "reference_id": "RHSA-2026:13719", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13719" }, { "reference_url": "https://usn.ubuntu.com/8251-1/", "reference_id": "USN-8251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8251-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2026-34757" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcp5-yseg-gbgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1624?format=api", "vulnerability_id": "VCID-dace-wnut-j7g5", "summary": "A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68821", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68796", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68836", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68844", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/108098", "reference_id": "108098", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "http://www.securityfocus.com/bid/108098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409", "reference_id": "1672409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409" }, { "reference_url": "https://github.com/glennrp/libpng/issues/275", "reference_id": "275", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://github.com/glennrp/libpng/issues/275" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/30", "reference_id": "30", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/36", "reference_id": "36", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/36" }, { "reference_url": "https://usn.ubuntu.com/3962-1/", "reference_id": "3962-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://usn.ubuntu.com/3962-1/" }, { "reference_url": "https://usn.ubuntu.com/3991-1/", "reference_id": "3991-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://usn.ubuntu.com/3991-1/" }, { "reference_url": "https://usn.ubuntu.com/3997-1/", "reference_id": "3997-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://usn.ubuntu.com/3997-1/" }, { "reference_url": "https://usn.ubuntu.com/4080-1/", "reference_id": "4080-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://usn.ubuntu.com/4080-1/" }, { "reference_url": "https://usn.ubuntu.com/4083-1/", "reference_id": "4083-1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://usn.ubuntu.com/4083-1/" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/56", "reference_id": "56", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://seclists.org/bugtraq/2019/May/56" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/59", "reference_id": "59", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://seclists.org/bugtraq/2019/May/59" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/67", "reference_id": "67", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://seclists.org/bugtraq/2019/May/67" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355", "reference_id": "921355", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355" }, { "reference_url": "https://security.archlinux.org/ASA-201904-10", "reference_id": "ASA-201904-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-10" }, { "reference_url": "https://security.archlinux.org/ASA-201905-8", "reference_id": "ASA-201905-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-8" }, { "reference_url": "https://security.archlinux.org/ASA-201905-9", "reference_id": "ASA-201905-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-9" }, { "reference_url": "https://security.archlinux.org/AVG-868", "reference_id": "AVG-868", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-868" }, { "reference_url": "https://security.archlinux.org/AVG-965", "reference_id": "AVG-965", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-965" }, { "reference_url": "https://security.archlinux.org/AVG-966", "reference_id": "AVG-966", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-966" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317", "reference_id": "CVE-2019-7317", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803", "reference_id": "detail?id=12803", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", "reference_id": "display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4435", "reference_id": "dsa-4435", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4435" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4448", "reference_id": "dsa-4448", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4448" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4451", "reference_id": "dsa-4451", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4451" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13", "reference_id": "mfsa2019-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14", "reference_id": "mfsa2019-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15", "reference_id": "mfsa2019-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html", "reference_id": "msg00002.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html", "reference_id": "msg00032.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html", "reference_id": "msg00044.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html", "reference_id": "msg00084.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0005/", "reference_id": "ntap-20190719-0005", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1265", "reference_id": "RHSA-2019:1265", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1267", "reference_id": "RHSA-2019:1267", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1269", "reference_id": "RHSA-2019:1269", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1308", "reference_id": "RHSA-2019:1308", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1309", "reference_id": "RHSA-2019:1309", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1310", "reference_id": "RHSA-2019:1310", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2494", "reference_id": "RHSA-2019:2494", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2495", "reference_id": "RHSA-2019:2495", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2585", "reference_id": "RHSA-2019:2585", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2590", "reference_id": "RHSA-2019:2590", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2592", "reference_id": "RHSA-2019:2592", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2737", "reference_id": "RHSA-2019:2737", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2737" }, { "reference_url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html", "reference_id": "Slackware-Security-Advisory-libpng-Updates.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/" } ], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6390?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.36-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14x7-f34b-5uhr" }, { "vulnerability": "VCID-5eh1-34nq-tff3" }, { "vulnerability": "VCID-5smk-e43v-2uhu" }, { "vulnerability": "VCID-8fz1-8ztk-6ffz" }, { "vulnerability": "VCID-8gsp-rmdb-qfcn" }, { "vulnerability": "VCID-9snm-6n9z-kqam" }, { "vulnerability": "VCID-bcp5-yseg-gbgu" }, { "vulnerability": "VCID-jax5-tqk4-vucd" }, { "vulnerability": "VCID-qk2z-8x43-7khw" }, { "vulnerability": "VCID-sb2a-mfgz-jfgt" }, { "vulnerability": "VCID-t5q5-b39g-t7hv" }, { "vulnerability": "VCID-v1ke-1b43-byhc" }, { "vulnerability": "VCID-vuy5-t9wc-gqb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-6" } ], "aliases": [ "CVE-2019-7317" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dace-wnut-j7g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64231?format=api", "vulnerability_id": "VCID-jax5-tqk4-vucd", "summary": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16384", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16509", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16506", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16465", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013", "reference_id": "1132013", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "reference_id": "2451819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", "reference_id": "7734cda20cf1236aef60f3bbd2267c97bbb40869", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", "reference_id": "aba9f18eba870d14fb52c5ba5d73451349e339c3", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", "reference_id": "GHSA-wjr5-c57x-95m2", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11805", "reference_id": "RHSA-2026:11805", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11805" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11813", "reference_id": "RHSA-2026:11813", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11813" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12264", "reference_id": "RHSA-2026:12264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13342", "reference_id": "RHSA-2026:13342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13412", "reference_id": "RHSA-2026:13412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13533", "reference_id": "RHSA-2026:13533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13582", "reference_id": "RHSA-2026:13582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13583", "reference_id": "RHSA-2026:13583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13596", "reference_id": "RHSA-2026:13596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13600", "reference_id": "RHSA-2026:13600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13600" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13665", "reference_id": "RHSA-2026:13665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13682", "reference_id": "RHSA-2026:13682", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13683", "reference_id": "RHSA-2026:13683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13922", "reference_id": "RHSA-2026:13922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13977", "reference_id": "RHSA-2026:13977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14223", "reference_id": "RHSA-2026:14223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14303", "reference_id": "RHSA-2026:14303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14790", "reference_id": "RHSA-2026:14790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14790" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14791", "reference_id": "RHSA-2026:14791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15889", "reference_id": "RHSA-2026:15889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:15889" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17524", "reference_id": "RHSA-2026:17524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17567", "reference_id": "RHSA-2026:17567", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17603", "reference_id": "RHSA-2026:17603", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17603" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17642", "reference_id": "RHSA-2026:17642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17685", "reference_id": "RHSA-2026:17685", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17685" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8459", "reference_id": "RHSA-2026:8459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9345", "reference_id": "RHSA-2026:9345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9638", "reference_id": "RHSA-2026:9638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9693", "reference_id": "RHSA-2026:9693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9693" }, { "reference_url": "https://usn.ubuntu.com/8251-1/", "reference_id": "USN-8251-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8251-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2026-33636" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jax5-tqk4-vucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71017?format=api", "vulnerability_id": "VCID-qk2z-8x43-7khw", "summary": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33404", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33457", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33473", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33438", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66293" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877", "reference_id": "1121877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "reference_id": "2418711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/764", "reference_id": "764", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/764" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", "reference_id": "788a624d7387a758ffd5c7ab010f1870dea753a1", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", "reference_id": "a05a48b756de63e3234ea6b3b938b8f5f862484a", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", "reference_id": "GHSA-9mpm-9pxh-mg4f", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0125", "reference_id": "RHSA-2026:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0210", "reference_id": "RHSA-2026:0210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0211", "reference_id": "RHSA-2026:0211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0212", "reference_id": "RHSA-2026:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0216", "reference_id": "RHSA-2026:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0234", "reference_id": "RHSA-2026:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0237", "reference_id": "RHSA-2026:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0238", "reference_id": "RHSA-2026:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0241", "reference_id": "RHSA-2026:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0313", "reference_id": "RHSA-2026:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0321", "reference_id": "RHSA-2026:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0322", "reference_id": "RHSA-2026:0322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0323", "reference_id": "RHSA-2026:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2072", "reference_id": "RHSA-2026:2072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2633", "reference_id": "RHSA-2026:2633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2659", "reference_id": "RHSA-2026:2659", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2659" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2671", "reference_id": "RHSA-2026:2671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2974", "reference_id": "RHSA-2026:2974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3415", "reference_id": "RHSA-2026:3415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3861", "reference_id": "RHSA-2026:3861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4419", "reference_id": "RHSA-2026:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4419" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2025-66293" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qk2z-8x43-7khw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67072?format=api", "vulnerability_id": "VCID-sb2a-mfgz-jfgt", "summary": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25646", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23793", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23913", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23897", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23846", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25646" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", "reference_id": "01d03b8453eb30ade759cd45c707e5a1c7277d88", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566", "reference_id": "1127566", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "reference_id": "2438542", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", "reference_id": "GHSA-g8hp-mq4h-rqm3", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10097", "reference_id": "RHSA-2026:10097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12274", "reference_id": "RHSA-2026:12274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14773", "reference_id": "RHSA-2026:14773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15087", "reference_id": "RHSA-2026:15087", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:15087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17596", "reference_id": "RHSA-2026:17596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3031", "reference_id": "RHSA-2026:3031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3968", "reference_id": "RHSA-2026:3968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3969", "reference_id": "RHSA-2026:3969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4221", "reference_id": "RHSA-2026:4221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4222", "reference_id": "RHSA-2026:4222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4756", "reference_id": "RHSA-2026:4756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6439", "reference_id": "RHSA-2026:6439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6445", "reference_id": "RHSA-2026:6445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6466", "reference_id": "RHSA-2026:6466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6467", "reference_id": "RHSA-2026:6467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6468", "reference_id": "RHSA-2026:6468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6469", "reference_id": "RHSA-2026:6469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6553", "reference_id": "RHSA-2026:6553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7032", "reference_id": "RHSA-2026:7032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7033", "reference_id": "RHSA-2026:7033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7034", "reference_id": "RHSA-2026:7034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7035", "reference_id": "RHSA-2026:7035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7036", "reference_id": "RHSA-2026:7036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7239", "reference_id": "RHSA-2026:7239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7243", "reference_id": "RHSA-2026:7243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9686", "reference_id": "RHSA-2026:9686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9687", "reference_id": "RHSA-2026:9687", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9687" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" }, { "reference_url": "https://usn.ubuntu.com/8039-1/", "reference_id": "USN-8039-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8039-1/" }, { "reference_url": "https://usn.ubuntu.com/8081-1/", "reference_id": "USN-8081-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8081-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2026-25646" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sb2a-mfgz-jfgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40056?format=api", "vulnerability_id": "VCID-sngx-3zqa-kkgz", "summary": "Divide By Zero\nIn libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.87004", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86997", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.87009", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03717", "scoring_system": "epss", "scoring_elements": "0.88182", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03717", "scoring_system": "epss", "scoring_elements": "0.88202", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securitytracker.com/id/1041889", "reference_id": "1041889", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "http://www.securitytracker.com/id/1041889" }, { "reference_url": "http://www.securityfocus.com/bid/105599", "reference_id": "105599", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "http://www.securityfocus.com/bid/105599" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599943", "reference_id": "1599943", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599943" }, { "reference_url": "https://sourceforge.net/p/libpng/bugs/278/", "reference_id": "278", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://sourceforge.net/p/libpng/bugs/278/" }, { "reference_url": "https://usn.ubuntu.com/3712-1/", "reference_id": "3712-1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://usn.ubuntu.com/3712-1/" }, { "reference_url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2", "reference_id": "8a05766cb74af05c04c53e6c9d60c13fc4d59bf2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430", "reference_id": "903430", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13785", "reference_id": "CVE-2018-13785", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13785" }, { "reference_url": "https://security.gentoo.org/glsa/201908-10", "reference_id": "GLSA-201908-10", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://security.gentoo.org/glsa/201908-10" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0001/", "reference_id": "ntap-20181018-0001", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3000", "reference_id": "RHSA-2018:3000", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3001", "reference_id": "RHSA-2018:3001", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3002", "reference_id": "RHSA-2018:3002", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3003", "reference_id": "RHSA-2018:3003", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3007", "reference_id": "RHSA-2018:3007", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3008", "reference_id": "RHSA-2018:3008", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3533", "reference_id": "RHSA-2018:3533", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3534", "reference_id": "RHSA-2018:3534", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3671", "reference_id": "RHSA-2018:3671", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3672", "reference_id": "RHSA-2018:3672", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3779", "reference_id": "RHSA-2018:3779", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3852", "reference_id": "RHSA-2018:3852", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:13:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3852" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6390?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.36-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14x7-f34b-5uhr" }, { "vulnerability": "VCID-5eh1-34nq-tff3" }, { "vulnerability": "VCID-5smk-e43v-2uhu" }, { "vulnerability": "VCID-8fz1-8ztk-6ffz" }, { "vulnerability": "VCID-8gsp-rmdb-qfcn" }, { "vulnerability": "VCID-9snm-6n9z-kqam" }, { "vulnerability": "VCID-bcp5-yseg-gbgu" }, { "vulnerability": "VCID-jax5-tqk4-vucd" }, { "vulnerability": "VCID-qk2z-8x43-7khw" }, { "vulnerability": "VCID-sb2a-mfgz-jfgt" }, { "vulnerability": "VCID-t5q5-b39g-t7hv" }, { "vulnerability": "VCID-v1ke-1b43-byhc" }, { "vulnerability": "VCID-vuy5-t9wc-gqb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-6" } ], "aliases": [ "CVE-2018-13785" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sngx-3zqa-kkgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71920?format=api", "vulnerability_id": "VCID-t5q5-b39g-t7hv", "summary": "libpng: LIBPNG buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23505", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23607", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23561", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643", "reference_id": "08da33b4c88cfcd36e5a706558a8d7e0e4773643", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217", "reference_id": "1121217", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "reference_id": "2416904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/686", "reference_id": "686", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/686" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/751", "reference_id": "751", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/751" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww", "reference_id": "GHSA-hfc7-ph9c-wcww", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww" }, { "reference_url": "https://security.gentoo.org/glsa/202511-06", "reference_id": "GLSA-202511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0125", "reference_id": "RHSA-2026:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0210", "reference_id": "RHSA-2026:0210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0211", "reference_id": "RHSA-2026:0211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0212", "reference_id": "RHSA-2026:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0216", "reference_id": "RHSA-2026:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0234", "reference_id": "RHSA-2026:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0237", "reference_id": "RHSA-2026:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0238", "reference_id": "RHSA-2026:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0241", "reference_id": "RHSA-2026:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0251", "reference_id": "RHSA-2026:0251", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0251" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0313", "reference_id": "RHSA-2026:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0321", "reference_id": "RHSA-2026:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0322", "reference_id": "RHSA-2026:0322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0323", "reference_id": "RHSA-2026:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://usn.ubuntu.com/7924-1/", "reference_id": "USN-7924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7924-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2025-64720" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5q5-b39g-t7hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68381?format=api", "vulnerability_id": "VCID-v1ke-1b43-byhc", "summary": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06823", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.0687", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06874", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06859", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444", "reference_id": "1125444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "reference_id": "2428824", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", "reference_id": "GHSA-vgjq-8cw5-ggw8", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12274", "reference_id": "RHSA-2026:12274", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6732", "reference_id": "RHSA-2026:6732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9254", "reference_id": "RHSA-2026:9254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9254" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9255", "reference_id": "RHSA-2026:9255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9255" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196161?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5" } ], "aliases": [ "CVE-2026-22801" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1ke-1b43-byhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41164?format=api", "vulnerability_id": "VCID-vuy5-t9wc-gqb4", "summary": "Out-of-bounds Write\nAn issue has been found in third-party PNM decoding associated with libpng It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83276", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.8326", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83283", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83288", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01831", "scoring_system": "epss", "scoring_elements": "0.83286", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token" }, { "reference_url": "https://github.com/glennrp/libpng", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/glennrp/libpng" }, { "reference_url": "https://github.com/glennrp/libpng/issues/246", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/glennrp/libpng/issues/246" }, { "reference_url": "https://security.gentoo.org/glsa/201908-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221028-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221028-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221028-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221028-0001/" }, { "reference_url": "https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608800", "reference_id": "1608800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608800" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14550", "reference_id": "CVE-2018-14550", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14550" }, { "reference_url": "https://github.com/advisories/GHSA-qwwr-qc2p-6283", "reference_id": "GHSA-qwwr-qc2p-6283", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qwwr-qc2p-6283" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196160?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14x7-f34b-5uhr" }, { "vulnerability": "VCID-5eh1-34nq-tff3" }, { "vulnerability": "VCID-5q66-zeyz-rfdb" }, { "vulnerability": "VCID-5rgq-xe5s-kkfc" }, { "vulnerability": "VCID-8fz1-8ztk-6ffz" }, { "vulnerability": "VCID-8gsp-rmdb-qfcn" }, { "vulnerability": "VCID-9snm-6n9z-kqam" }, { "vulnerability": "VCID-bcp5-yseg-gbgu" }, { "vulnerability": "VCID-gk3z-6dp9-73cd" }, { "vulnerability": "VCID-gtdx-fb61-ykbv" }, { "vulnerability": "VCID-jax5-tqk4-vucd" }, { "vulnerability": "VCID-qk2z-8x43-7khw" }, { "vulnerability": "VCID-sb2a-mfgz-jfgt" }, { "vulnerability": "VCID-t5q5-b39g-t7hv" }, { "vulnerability": "VCID-v1ke-1b43-byhc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3" } ], "aliases": [ "CVE-2018-14550", "GHSA-qwwr-qc2p-6283" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuy5-t9wc-gqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41162?format=api", "vulnerability_id": "VCID-yk3y-m6rn-ukbd", "summary": "Improper Input Validation\nlibpng does not properly check the length of chunks against the user limit.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00609", "scoring_system": "epss", "scoring_elements": "0.70122", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00609", "scoring_system": "epss", "scoring_elements": "0.70142", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00609", "scoring_system": "epss", "scoring_elements": "0.70163", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00609", "scoring_system": "epss", "scoring_elements": "0.70172", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00609", "scoring_system": "epss", "scoring_elements": "0.70154", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/109269", "reference_id": "109269", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "http://www.securityfocus.com/bid/109269" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733956", "reference_id": "1733956", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733956" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55", "reference_id": "347538efbdc21b8df684ebd92d37400b3ce85d55", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55" }, { "reference_url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE", "reference_id": "ANNOUNCE", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12652", "reference_id": "CVE-2017-12652", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12652" }, { "reference_url": "https://support.f5.com/csp/article/K88124225", "reference_id": "K88124225", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://support.f5.com/csp/article/K88124225" }, { "reference_url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS", "reference_id": "K88124225?utm_source=f5support&utm_medium=RSS", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220506-0003/", "reference_id": "ntap-20220506-0003", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220506-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3901", "reference_id": "RHSA-2020:3901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3901" }, { "reference_url": "https://usn.ubuntu.com/5432-1/", "reference_id": "USN-5432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5432-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5432-2/", "reference_id": "USN-USN-5432-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5432-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6390?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.36-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-14x7-f34b-5uhr" }, { "vulnerability": "VCID-5eh1-34nq-tff3" }, { "vulnerability": "VCID-5smk-e43v-2uhu" }, { "vulnerability": "VCID-8fz1-8ztk-6ffz" }, { "vulnerability": "VCID-8gsp-rmdb-qfcn" }, { "vulnerability": "VCID-9snm-6n9z-kqam" }, { "vulnerability": "VCID-bcp5-yseg-gbgu" }, { "vulnerability": "VCID-jax5-tqk4-vucd" }, { "vulnerability": "VCID-qk2z-8x43-7khw" }, { "vulnerability": "VCID-sb2a-mfgz-jfgt" }, { "vulnerability": "VCID-t5q5-b39g-t7hv" }, { "vulnerability": "VCID-v1ke-1b43-byhc" }, { "vulnerability": "VCID-vuy5-t9wc-gqb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-6" } ], "aliases": [ "CVE-2017-12652" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-m6rn-ukbd" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.28-1%252Bdeb9u1" }