Package Instance

reference_id

62725

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/

url

http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823
reference_id	773823
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673
reference_id	775673
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2015-0973
reference_id	CVE-2015-0973
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2015-0973

reference_url

reference_id

libpng_heap_overflow_1.6.15.txt

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/

url

http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt

reference_url

https://security.netapp.com/advisory/ntap-20240719-0005/

reference_id

ntap-20240719-0005

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/

url

https://security.netapp.com/advisory/ntap-20240719-0005/

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.16-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2015-0973

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ggs-vja8-r3de

url VCID-663w-wmsg-zkc5

vulnerability_id VCID-663w-wmsg-zkc5

summary

Out-of-bounds Write
An issue has been found in third-party PNM decoding associated with libpng It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14550

reference_id

reference_type

scores

value	0.01778
scoring_system	epss
scoring_elements	0.82728
published_at	2026-04-16T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.82682
published_at	2026-04-09T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.8269
published_at	2026-04-13T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.82695
published_at	2026-04-12T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.827
published_at	2026-04-11T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.82623
published_at	2026-04-01T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.82639
published_at	2026-04-02T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.82654
published_at	2026-04-04T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.8265
published_at	2026-04-07T12:55:00Z

value	0.01778
scoring_system	epss
scoring_elements	0.82676
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14550

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token

reference_url

https://github.com/glennrp/libpng

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/glennrp/libpng

reference_url

https://github.com/glennrp/libpng/issues/246

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/glennrp/libpng/issues/246

reference_url

https://security.gentoo.org/glsa/201908-02

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201908-02

reference_url

https://security.netapp.com/advisory/ntap-20221028-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221028-0001

reference_url	https://security.netapp.com/advisory/ntap-20221028-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221028-0001/

reference_url

https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1608800
reference_id	1608800
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1608800

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14550

reference_id

CVE-2018-14550

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14550

reference_url

https://github.com/advisories/GHSA-qwwr-qc2p-6283

reference_id

GHSA-qwwr-qc2p-6283

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qwwr-qc2p-6283

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.37-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2018-14550, GHSA-qwwr-qc2p-6283

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-663w-wmsg-zkc5

url VCID-7923-9g38-jqc3

vulnerability_id VCID-7923-9g38-jqc3

summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-65018

reference_id

reference_type

scores

value	0.00095
scoring_system	epss
scoring_elements	0.26497
published_at	2026-04-02T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26351
published_at	2026-04-16T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26541
published_at	2026-04-04T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26322
published_at	2026-04-07T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.2639
published_at	2026-04-08T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26441
published_at	2026-04-09T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26449
published_at	2026-04-11T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26403
published_at	2026-04-12T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26344
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-65018

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216
reference_id	1121216
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216

reference_url

https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d

reference_id

16b5e3823918840aae65c0a6da57c78a5a496a4d

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d

reference_url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_id

218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416907
reference_id	2416907
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416907

reference_url

https://github.com/pnggroup/libpng/issues/755

reference_id

755

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/issues/755

reference_url

https://github.com/pnggroup/libpng/pull/757

reference_id

757

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/pull/757

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g

reference_id

GHSA-7wv6-48j4-hj3g

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g

reference_url	https://security.gentoo.org/glsa/202511-06
reference_id	GLSA-202511-06
reference_type
scores
url	https://security.gentoo.org/glsa/202511-06

reference_url	https://access.redhat.com/errata/RHSA-2026:0125
reference_id	RHSA-2026:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0125

reference_url	https://access.redhat.com/errata/RHSA-2026:0210
reference_id	RHSA-2026:0210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0210

reference_url	https://access.redhat.com/errata/RHSA-2026:0211
reference_id	RHSA-2026:0211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0211

reference_url	https://access.redhat.com/errata/RHSA-2026:0212
reference_id	RHSA-2026:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0212

reference_url	https://access.redhat.com/errata/RHSA-2026:0216
reference_id	RHSA-2026:0216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0216

reference_url	https://access.redhat.com/errata/RHSA-2026:0234
reference_id	RHSA-2026:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0234

reference_url	https://access.redhat.com/errata/RHSA-2026:0237
reference_id	RHSA-2026:0237
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0237

reference_url	https://access.redhat.com/errata/RHSA-2026:0238
reference_id	RHSA-2026:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0238

reference_url	https://access.redhat.com/errata/RHSA-2026:0241
reference_id	RHSA-2026:0241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0241

reference_url	https://access.redhat.com/errata/RHSA-2026:0313
reference_id	RHSA-2026:0313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0313

reference_url	https://access.redhat.com/errata/RHSA-2026:0321
reference_id	RHSA-2026:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0321

reference_url	https://access.redhat.com/errata/RHSA-2026:0322
reference_id	RHSA-2026:0322
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0322

reference_url	https://access.redhat.com/errata/RHSA-2026:0323
reference_id	RHSA-2026:0323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0323

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0847
reference_id	RHSA-2026:0847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0847

reference_url	https://access.redhat.com/errata/RHSA-2026:0848
reference_id	RHSA-2026:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0848

reference_url	https://access.redhat.com/errata/RHSA-2026:0849
reference_id	RHSA-2026:0849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0849

reference_url	https://access.redhat.com/errata/RHSA-2026:0895
reference_id	RHSA-2026:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0895

reference_url	https://access.redhat.com/errata/RHSA-2026:0897
reference_id	RHSA-2026:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0897

reference_url	https://access.redhat.com/errata/RHSA-2026:0899
reference_id	RHSA-2026:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0899

reference_url	https://access.redhat.com/errata/RHSA-2026:0901
reference_id	RHSA-2026:0901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0901

reference_url	https://access.redhat.com/errata/RHSA-2026:0927
reference_id	RHSA-2026:0927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0927

reference_url	https://access.redhat.com/errata/RHSA-2026:0928
reference_id	RHSA-2026:0928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0928

reference_url	https://access.redhat.com/errata/RHSA-2026:0932
reference_id	RHSA-2026:0932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0932

reference_url	https://access.redhat.com/errata/RHSA-2026:0933
reference_id	RHSA-2026:0933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0933

reference_url	https://usn.ubuntu.com/7924-1/
reference_id	USN-7924-1
reference_type
scores
url	https://usn.ubuntu.com/7924-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2025-65018

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7923-9g38-jqc3

url VCID-7qam-er5a-gbas

vulnerability_id VCID-7qam-er5a-gbas

summary libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22801

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04618
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04625
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04692
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04674
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04658
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04642
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04654
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04688
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.047
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444
reference_id	1125444
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428824
reference_id	2428824
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428824

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

reference_id

GHSA-vgjq-8cw5-ggw8

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

reference_url	https://access.redhat.com/errata/RHSA-2026:3405
reference_id	RHSA-2026:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3405

reference_url	https://access.redhat.com/errata/RHSA-2026:3551
reference_id	RHSA-2026:3551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3551

reference_url	https://access.redhat.com/errata/RHSA-2026:3573
reference_id	RHSA-2026:3573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3573

reference_url	https://access.redhat.com/errata/RHSA-2026:3574
reference_id	RHSA-2026:3574
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3574

reference_url	https://access.redhat.com/errata/RHSA-2026:3575
reference_id	RHSA-2026:3575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3575

reference_url	https://access.redhat.com/errata/RHSA-2026:3576
reference_id	RHSA-2026:3576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3576

reference_url	https://access.redhat.com/errata/RHSA-2026:3577
reference_id	RHSA-2026:3577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3577

reference_url	https://access.redhat.com/errata/RHSA-2026:4306
reference_id	RHSA-2026:4306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4306

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4728
reference_id	RHSA-2026:4728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4728

reference_url	https://access.redhat.com/errata/RHSA-2026:4729
reference_id	RHSA-2026:4729
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4729

reference_url	https://access.redhat.com/errata/RHSA-2026:4730
reference_id	RHSA-2026:4730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4730

reference_url	https://access.redhat.com/errata/RHSA-2026:4731
reference_id	RHSA-2026:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4731

reference_url	https://access.redhat.com/errata/RHSA-2026:4732
reference_id	RHSA-2026:4732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4732

reference_url	https://access.redhat.com/errata/RHSA-2026:5606
reference_id	RHSA-2026:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5606

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.54-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2026-22801

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qam-er5a-gbas

url VCID-8g2j-rqsk-zqfh

vulnerability_id VCID-8g2j-rqsk-zqfh

summary

Improper Input Validation
libpng does not properly check the length of chunks against the user limit.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12652

reference_id

reference_type

scores

value	0.00621
scoring_system	epss
scoring_elements	0.70008
published_at	2026-04-01T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.7002
published_at	2026-04-02T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70113
published_at	2026-04-16T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70034
published_at	2026-04-04T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70011
published_at	2026-04-07T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70059
published_at	2026-04-08T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70075
published_at	2026-04-09T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70098
published_at	2026-04-11T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.70083
published_at	2026-04-12T12:55:00Z

value	0.00621
scoring_system	epss
scoring_elements	0.7007
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.securityfocus.com/bid/109269

reference_id

109269

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/

url

http://www.securityfocus.com/bid/109269

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1733956
reference_id	1733956
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1733956

reference_url

https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55

reference_id

347538efbdc21b8df684ebd92d37400b3ce85d55

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/

url

https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55

reference_url

https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE

reference_id

ANNOUNCE

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/

url

https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12652
reference_id	CVE-2017-12652
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12652

reference_url

https://support.f5.com/csp/article/K88124225

reference_id

K88124225

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/

url

https://support.f5.com/csp/article/K88124225

reference_url

https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS

reference_id

K88124225?utm_source=f5support&utm_medium=RSS

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/

url

https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS

reference_url

https://security.netapp.com/advisory/ntap-20220506-0003/

reference_id

ntap-20220506-0003

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/

url

https://security.netapp.com/advisory/ntap-20220506-0003/

reference_url	https://access.redhat.com/errata/RHSA-2020:3901
reference_id	RHSA-2020:3901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3901

reference_url	https://usn.ubuntu.com/5432-1/
reference_id	USN-5432-1
reference_type
scores
url	https://usn.ubuntu.com/5432-1/

reference_url	https://usn.ubuntu.com/USN-5432-2/
reference_id	USN-USN-5432-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5432-2/

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.32-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.32-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.32-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2017-12652

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8g2j-rqsk-zqfh

url VCID-9d14-kqac-nbbt

vulnerability_id VCID-9d14-kqac-nbbt

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the png_set_PLTE function in libpng  allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2594.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2594.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2595.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2595.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2596.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2596.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0055.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0055.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0056.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0056.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0057.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0057.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8472

reference_id

reference_type

scores

value	0.05471
scoring_system	epss
scoring_elements	0.90218
published_at	2026-04-16T12:55:00Z

value	0.05471
scoring_system	epss
scoring_elements	0.902
published_at	2026-04-13T12:55:00Z

value	0.05471
scoring_system	epss
scoring_elements	0.90156
published_at	2026-04-01T12:55:00Z

value	0.05471
scoring_system	epss
scoring_elements	0.90159
published_at	2026-04-02T12:55:00Z

value	0.05471
scoring_system	epss
scoring_elements	0.90171
published_at	2026-04-04T12:55:00Z

value	0.05471
scoring_system	epss
scoring_elements	0.90176
published_at	2026-04-07T12:55:00Z

value	0.05471
scoring_system	epss
scoring_elements	0.90192
published_at	2026-04-08T12:55:00Z

value	0.05471
scoring_system	epss
scoring_elements	0.90197
published_at	2026-04-09T12:55:00Z

value	0.05471
scoring_system	epss
scoring_elements	0.90206
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10148
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10148

reference_url	http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/
reference_id
reference_type
scores
url	http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/

reference_url	http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/
reference_id
reference_type
scores
url	http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/

reference_url	http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/
reference_id
reference_type
scores
url	http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/

reference_url	http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/
reference_id
reference_type
scores
url	http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/

reference_url	http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/
reference_id
reference_type
scores
url	http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/

reference_url	https://support.apple.com/HT206167
reference_id
reference_type
scores
url	https://support.apple.com/HT206167

reference_url	http://www.debian.org/security/2016/dsa-3443
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3443

reference_url	http://www.openwall.com/lists/oss-security/2015/12/03/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/12/03/6

reference_url	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/78624
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/78624

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1281756
reference_id	1281756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1281756

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112
reference_id	807112
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.0.64:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.0.64:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.0.64:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.0:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.1:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.10:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.11:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.12:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.13:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.14:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.15:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.16:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.17:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.18:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.19:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.2:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.20:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.21:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.22:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.23:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.24:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.25:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.26:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.27:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.28:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.29:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.3:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.30:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.31:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.32:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.33:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.34:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.34:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.34:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.35:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.35:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.35:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.36:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.36:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.36:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.37:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.37:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.37:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.38:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.38:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.38:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.39:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.39:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.39:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.4:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.40:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.40:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.40:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.41:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.41:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.41:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.42:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.42:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.42:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.43:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.43:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.43:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.44:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.44:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.44:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.45:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.45:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.45:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.46:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.46:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.46:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.47:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.47:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.47:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.48:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.48:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.48:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.49:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.49:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.49:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.50:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.50:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.50:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.51:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.51:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.51:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.52:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.52:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.52:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.53:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.53:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.53:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.54:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.2.54:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.54:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.0:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.1:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.10:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.11:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.12:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.13:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.14:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.15:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.16:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.17:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.2:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.3:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.4:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.4:::::::*

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.5:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.5:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.6:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.6:::::::*

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.7:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.7:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.8:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.8:::::::*

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.9:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.4.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.9:::::::*

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.1:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.1:::::::*

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.10:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.10:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.11:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.11:::::::*

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.12:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.12:::::::*

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.13:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.13:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.14:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.14:::::::*

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.15:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.15:::::::*

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.16:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.16:::::::*

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.17:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.17:::::::*

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.18:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.18:::::::*

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.19:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.19:::::::*

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.2:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.2:::::::*

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.20:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.20:::::::*

118

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.21:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.21:::::::*

119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.22:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.22:::::::*

120

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.23:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.23:::::::*

121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.24:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.24:::::::*

122

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.3:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.3:::::::*

123

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.4:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.4:::::::*

124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.5:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.5:::::::*

125

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.6:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.6:::::::*

126

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.7:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.7:::::::*

127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.8:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.8:::::::*

128

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.9:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.5.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.9:::::::*

129

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.0:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.0:::::::*

130

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.1:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.1:::::::*

131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.10:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.10:::::::*

132

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.11:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.11:::::::*

133

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.12:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.12:::::::*

134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.13:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.13:::::::*

135

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.14:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.14:::::::*

136

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.15:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.15:::::::*

137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.16:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.16:::::::*

138

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.17:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.17:::::::*

139

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.18:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.18:::::::*

140

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.19:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.19:::::::*

141

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.2:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.2:::::::*

142

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.3:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.3:::::::*

143

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.4:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.4:::::::*

144

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.5:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.5:::::::*

145

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.6:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.6:::::::*

146

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.7:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.7:::::::*

147

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.8:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.8:::::::*

148

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.9:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.9:::::::*

149

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

150

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8472

reference_id

CVE-2015-8472

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8472

151

reference_url	https://access.redhat.com/errata/RHSA-2015:2594
reference_id	RHSA-2015:2594
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2594

152

reference_url	https://access.redhat.com/errata/RHSA-2015:2595
reference_id	RHSA-2015:2595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2595

153

reference_url	https://access.redhat.com/errata/RHSA-2015:2596
reference_id	RHSA-2015:2596
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2596

154

reference_url	https://access.redhat.com/errata/RHSA-2016:0055
reference_id	RHSA-2016:0055
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0055

155

reference_url	https://access.redhat.com/errata/RHSA-2016:0056
reference_id	RHSA-2016:0056
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0056

156

reference_url	https://access.redhat.com/errata/RHSA-2016:0057
reference_id	RHSA-2016:0057
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0057

157

reference_url	https://access.redhat.com/errata/RHSA-2016:0098
reference_id	RHSA-2016:0098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0098

158

reference_url	https://access.redhat.com/errata/RHSA-2016:0099
reference_id	RHSA-2016:0099
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0099

159

reference_url	https://access.redhat.com/errata/RHSA-2016:0100
reference_id	RHSA-2016:0100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0100

160

reference_url	https://access.redhat.com/errata/RHSA-2016:0101
reference_id	RHSA-2016:0101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0101

161

reference_url	https://access.redhat.com/errata/RHSA-2016:1430
reference_id	RHSA-2016:1430
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1430

162

reference_url	https://usn.ubuntu.com/2861-1/
reference_id	USN-2861-1
reference_type
scores
url	https://usn.ubuntu.com/2861-1/

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.20-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.20-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.20-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2015-8472

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9d14-kqac-nbbt

url VCID-dm7h-c7wt-1kbs

vulnerability_id VCID-dm7h-c7wt-1kbs

summary libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33416

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12775
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13064
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12864
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12943
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12994
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12954
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12919
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12874
published_at	2026-04-13T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15898
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33416

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012
reference_id	1132012
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012

reference_url

https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb

reference_id

23019269764e35ed8458e517f1897bd3c54820eb

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451805
reference_id	2451805
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451805

reference_url

https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_id

7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_url

https://github.com/pnggroup/libpng/pull/824

reference_id

824

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/pull/824

reference_url

https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_id

a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_url

https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_id

c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

reference_id

GHSA-m4pc-p4q3-4c7j

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2026-33416

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs

url VCID-fx8t-41tv-hkdu

vulnerability_id VCID-fx8t-41tv-hkdu

summary

Use After Free
png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html

reference_url	http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7317

reference_id

reference_type

scores

value	0.00565
scoring_system	epss
scoring_elements	0.68464
published_at	2026-04-16T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68426
published_at	2026-04-13T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.6836
published_at	2026-04-01T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68458
published_at	2026-04-12T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.6847
published_at	2026-04-11T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68444
published_at	2026-04-09T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68427
published_at	2026-04-08T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68376
published_at	2026-04-07T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.68381
published_at	2026-04-02T12:55:00Z

value	0.00565
scoring_system	epss
scoring_elements	0.684
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7317

reference_url	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
reference_id
reference_type
scores
url	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/glennrp/libpng/issues/275
reference_id
reference_type
scores
url	https://github.com/glennrp/libpng/issues/275

reference_url	https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html

reference_url	https://seclists.org/bugtraq/2019/Apr/30
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Apr/30

reference_url	https://seclists.org/bugtraq/2019/Apr/36
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/Apr/36

reference_url	https://seclists.org/bugtraq/2019/May/56
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/May/56

reference_url	https://seclists.org/bugtraq/2019/May/59
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/May/59

reference_url	https://seclists.org/bugtraq/2019/May/67
reference_id
reference_type
scores
url	https://seclists.org/bugtraq/2019/May/67

reference_url	https://security.gentoo.org/glsa/201908-02
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201908-02

reference_url	https://security.netapp.com/advisory/ntap-20190719-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190719-0005/

reference_url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us
reference_id
reference_type
scores
url	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us

reference_url	https://www.debian.org/security/2019/dsa-4435
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4435

reference_url	https://www.debian.org/security/2019/dsa-4448
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4448

reference_url	https://www.debian.org/security/2019/dsa-4451
reference_id
reference_type
scores
url	https://www.debian.org/security/2019/dsa-4451

reference_url	https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	http://www.securityfocus.com/bid/108098
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/108098

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1672409
reference_id	1672409
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1672409

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355
reference_id	921355
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355

reference_url	https://security.archlinux.org/ASA-201904-10
reference_id	ASA-201904-10
reference_type
scores
url	https://security.archlinux.org/ASA-201904-10

reference_url	https://security.archlinux.org/ASA-201905-8
reference_id	ASA-201905-8
reference_type
scores
url	https://security.archlinux.org/ASA-201905-8

reference_url	https://security.archlinux.org/ASA-201905-9
reference_id	ASA-201905-9
reference_type
scores
url	https://security.archlinux.org/ASA-201905-9

reference_url

https://security.archlinux.org/AVG-868

reference_id

AVG-868

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-868

reference_url

https://security.archlinux.org/AVG-965

reference_id

AVG-965

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-965

reference_url

https://security.archlinux.org/AVG-966

reference_id

AVG-966

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-966

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite::::::::
reference_id	cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:::::advanced:::*
reference_id	cpe:2.3:a:hp:xp7_command_view:::::advanced:::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:::::advanced:::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng::::::::
reference_id	cpe:2.3:a:libpng:libpng::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:-:::::::*
reference_id	cpe:2.3:a:mozilla:thunderbird:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:::::vmware_vsphere::
reference_id	cpe:2.3:a:netapp:active_iq_unified_manager:9.6:::::vmware_vsphere::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:::::vmware_vsphere::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:::::windows::
reference_id	cpe:2.3:a:netapp:active_iq_unified_manager:9.6:::::windows::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:::::windows::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
reference_id	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*
reference_id	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:::::::*
reference_id	cpe:2.3:a:netapp:cloud_backup:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management:-:::::vcenter::
reference_id	cpe:2.3:a:netapp:e-series_santricity_management:-:::::vcenter::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management:-:::::vcenter::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager::::::::
reference_id	cpe:2.3:a:netapp:e-series_santricity_storage_manager::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager::::::::
reference_id	cpe:2.3:a:netapp:e-series_santricity_unified_manager::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services::::::web_services_proxy::*
reference_id	cpe:2.3:a:netapp:e-series_santricity_web_services::::::web_services_proxy::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services::::::web_services_proxy::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight::::::::
reference_id	cpe:2.3:a:netapp:oncommand_insight::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation::::::::
reference_id	cpe:2.3:a:netapp:oncommand_workflow_automation::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*
reference_id	cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1::::oracle::*
reference_id	cpe:2.3:a:netapp:snapmanager:3.4.2:p1::::oracle::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1::::oracle::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1::::sap::*
reference_id	cpe:2.3:a:netapp:snapmanager:3.4.2:p1::::sap::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1::::sap::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager::::::oracle::*
reference_id	cpe:2.3:a:netapp:snapmanager::::::oracle::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager::::::oracle::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager::::::sap::*
reference_id	cpe:2.3:a:netapp:snapmanager::::::sap::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager::::::sap::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore:-:::::::*
reference_id	cpe:2.3:a:netapp:steelstore:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:package_hub:-:::::::*
reference_id	cpe:2.3:a:opensuse:package_hub:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:package_hub:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:::::::*
reference_id	cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:7u221:::::::*
reference_id	cpe:2.3:a:oracle:java_se:7u221:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:7u221:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u212:::::::*
reference_id	cpe:2.3:a:oracle:java_se:8u212:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u212:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:::::::*
reference_id	cpe:2.3:a:oracle:jdk:11.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:12.0.1:::::::*
reference_id	cpe:2.3:a:oracle:jdk:12.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:12.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql::::::::
reference_id	cpe:2.3:a:oracle:mysql::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:::::::*
reference_id	cpe:2.3:a:redhat:satellite:5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:::::::*

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

106

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7317

reference_id

CVE-2019-7317

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7317

107

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-13

reference_id

mfsa2019-13

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-13

108

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-14

reference_id

mfsa2019-14

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-14

109

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-15

reference_id

mfsa2019-15

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-15

110

reference_url	https://access.redhat.com/errata/RHSA-2019:1265
reference_id	RHSA-2019:1265
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1265

111

reference_url	https://access.redhat.com/errata/RHSA-2019:1267
reference_id	RHSA-2019:1267
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1267

112

reference_url	https://access.redhat.com/errata/RHSA-2019:1269
reference_id	RHSA-2019:1269
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1269

113

reference_url	https://access.redhat.com/errata/RHSA-2019:1308
reference_id	RHSA-2019:1308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1308

114

reference_url	https://access.redhat.com/errata/RHSA-2019:1309
reference_id	RHSA-2019:1309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1309

115

reference_url	https://access.redhat.com/errata/RHSA-2019:1310
reference_id	RHSA-2019:1310
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1310

116

reference_url	https://access.redhat.com/errata/RHSA-2019:2494
reference_id	RHSA-2019:2494
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2494

117

reference_url	https://access.redhat.com/errata/RHSA-2019:2495
reference_id	RHSA-2019:2495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2495

118

reference_url	https://access.redhat.com/errata/RHSA-2019:2585
reference_id	RHSA-2019:2585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2585

119

reference_url	https://access.redhat.com/errata/RHSA-2019:2590
reference_id	RHSA-2019:2590
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2590

120

reference_url	https://access.redhat.com/errata/RHSA-2019:2592
reference_id	RHSA-2019:2592
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2592

121

reference_url	https://access.redhat.com/errata/RHSA-2019:2737
reference_id	RHSA-2019:2737
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2737

122

reference_url	https://usn.ubuntu.com/3962-1/
reference_id	USN-3962-1
reference_type
scores
url	https://usn.ubuntu.com/3962-1/

123

reference_url	https://usn.ubuntu.com/3991-1/
reference_id	USN-3991-1
reference_type
scores
url	https://usn.ubuntu.com/3991-1/

124

reference_url	https://usn.ubuntu.com/3997-1/
reference_id	USN-3997-1
reference_type
scores
url	https://usn.ubuntu.com/3997-1/

125

reference_url	https://usn.ubuntu.com/4080-1/
reference_id	USN-4080-1
reference_type
scores
url	https://usn.ubuntu.com/4080-1/

126

reference_url	https://usn.ubuntu.com/4083-1/
reference_id	USN-4083-1
reference_type
scores
url	https://usn.ubuntu.com/4083-1/

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.36-4?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.36-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-4%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2019-7317

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fx8t-41tv-hkdu

url VCID-gk2b-sstt-2fgh

vulnerability_id VCID-gk2b-sstt-2fgh

summary libpng: memory leak of png_info struct in pngcp.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6129

reference_id

reference_type

scores

value	0.00284
scoring_system	epss
scoring_elements	0.51731
published_at	2026-04-01T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51877
published_at	2026-04-16T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.5185
published_at	2026-04-12T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51835
published_at	2026-04-13T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51781
published_at	2026-04-02T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51806
published_at	2026-04-04T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51767
published_at	2026-04-07T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51822
published_at	2026-04-08T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51819
published_at	2026-04-09T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.5187
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129

reference_url	https://github.com/glennrp/libpng/issues/269
reference_id
reference_type
scores
url	https://github.com/glennrp/libpng/issues/269

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1667127
reference_id	1667127
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1667127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.36:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.36:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.36:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6129

reference_id

CVE-2019-6129

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6129

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.39-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.39-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2019-6129

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gk2b-sstt-2fgh

url VCID-h89j-mr17-rua9

vulnerability_id VCID-h89j-mr17-rua9

summary

Uncontrolled Resource Consumption
Multiple integer overflows in libpng rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7354.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7354.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7354

reference_id

reference_type

scores

value	0.00567
scoring_system	epss
scoring_elements	0.68438
published_at	2026-04-01T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68457
published_at	2026-04-02T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68452
published_at	2026-04-07T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68502
published_at	2026-04-13T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.6852
published_at	2026-04-09T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68546
published_at	2026-04-11T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68533
published_at	2026-04-12T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68542
published_at	2026-04-16T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68476
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7354

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1086516
reference_id	1086516
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1086516

reference_url

reference_id

199

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/

url

http://www.securityfocus.com/bid/67344

reference_url

reference_id

67344

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/

url

http://www.securityfocus.com/bid/67344

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/

url

http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2013-7354
reference_id	CVE-2013-7354
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2013-7354

reference_url	https://security.gentoo.org/glsa/201408-06
reference_id	GLSA-201408-06
reference_type
scores
url	https://security.gentoo.org/glsa/201408-06

reference_url

reference_id

msg00015.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/

url

http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2013-7354

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h89j-mr17-rua9

url VCID-j7dk-wzkm-tfcr

vulnerability_id VCID-j7dk-wzkm-tfcr

summary libpng: LIBPNG out-of-bounds read in png_image_read_composite

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66293

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.24185
published_at	2026-04-02T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30342
published_at	2026-04-16T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30511
published_at	2026-04-04T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30323
published_at	2026-04-07T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30382
published_at	2026-04-08T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30416
published_at	2026-04-09T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30418
published_at	2026-04-11T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30374
published_at	2026-04-12T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30326
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66293

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877
reference_id	1121877
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2418711
reference_id	2418711
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2418711

reference_url

https://github.com/pnggroup/libpng/issues/764

reference_id

764

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/issues/764

reference_url

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

reference_id

788a624d7387a758ffd5c7ab010f1870dea753a1

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

reference_url

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_id

a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

reference_id

GHSA-9mpm-9pxh-mg4f

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

reference_url	https://access.redhat.com/errata/RHSA-2026:0125
reference_id	RHSA-2026:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0125

reference_url	https://access.redhat.com/errata/RHSA-2026:0210
reference_id	RHSA-2026:0210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0210

reference_url	https://access.redhat.com/errata/RHSA-2026:0211
reference_id	RHSA-2026:0211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0211

reference_url	https://access.redhat.com/errata/RHSA-2026:0212
reference_id	RHSA-2026:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0212

reference_url	https://access.redhat.com/errata/RHSA-2026:0216
reference_id	RHSA-2026:0216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0216

reference_url	https://access.redhat.com/errata/RHSA-2026:0234
reference_id	RHSA-2026:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0234

reference_url	https://access.redhat.com/errata/RHSA-2026:0237
reference_id	RHSA-2026:0237
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0237

reference_url	https://access.redhat.com/errata/RHSA-2026:0238
reference_id	RHSA-2026:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0238

reference_url	https://access.redhat.com/errata/RHSA-2026:0241
reference_id	RHSA-2026:0241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0241

reference_url	https://access.redhat.com/errata/RHSA-2026:0313
reference_id	RHSA-2026:0313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0313

reference_url	https://access.redhat.com/errata/RHSA-2026:0321
reference_id	RHSA-2026:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0321

reference_url	https://access.redhat.com/errata/RHSA-2026:0322
reference_id	RHSA-2026:0322
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0322

reference_url	https://access.redhat.com/errata/RHSA-2026:0323
reference_id	RHSA-2026:0323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0323

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:2072
reference_id	RHSA-2026:2072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2072

reference_url	https://access.redhat.com/errata/RHSA-2026:2633
reference_id	RHSA-2026:2633
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2633

reference_url	https://access.redhat.com/errata/RHSA-2026:2659
reference_id	RHSA-2026:2659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2659

reference_url	https://access.redhat.com/errata/RHSA-2026:2671
reference_id	RHSA-2026:2671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2671

reference_url	https://access.redhat.com/errata/RHSA-2026:2974
reference_id	RHSA-2026:2974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2974

reference_url	https://access.redhat.com/errata/RHSA-2026:3415
reference_id	RHSA-2026:3415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3415

reference_url	https://access.redhat.com/errata/RHSA-2026:3861
reference_id	RHSA-2026:3861
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3861

reference_url	https://access.redhat.com/errata/RHSA-2026:4419
reference_id	RHSA-2026:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4419

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.52-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.52-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.52-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2025-66293

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7dk-wzkm-tfcr

url VCID-kwag-k17x-kyaj

vulnerability_id VCID-kwag-k17x-kyaj

summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64505

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07201
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07207
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07245
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07223
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07304
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.073
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07286
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07276
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219
reference_id	1121219
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416905
reference_id	2416905
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416905

reference_url

https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37

reference_id

6a528eb5fd0dd7f6de1c39d30de0e41473431c37

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/

url

https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37

reference_url

https://github.com/pnggroup/libpng/pull/748

reference_id

748

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/

url

https://github.com/pnggroup/libpng/pull/748

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42

reference_id

GHSA-4952-h5wq-4m42

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42

reference_url	https://security.gentoo.org/glsa/202511-06
reference_id	GLSA-202511-06
reference_type
scores
url	https://security.gentoo.org/glsa/202511-06

reference_url	https://usn.ubuntu.com/7924-1/
reference_id	USN-7924-1
reference_type
scores
url	https://usn.ubuntu.com/7924-1/

reference_url	https://usn.ubuntu.com/8081-1/
reference_id	USN-8081-1
reference_type
scores
url	https://usn.ubuntu.com/8081-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2025-64505

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwag-k17x-kyaj

url VCID-mxh6-rpb3-tbbq

vulnerability_id VCID-mxh6-rpb3-tbbq

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9495

reference_id

reference_type

scores

value	0.03487
scoring_system	epss
scoring_elements	0.87524
published_at	2026-04-01T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87534
published_at	2026-04-02T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87547
published_at	2026-04-04T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87549
published_at	2026-04-07T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87568
published_at	2026-04-08T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87575
published_at	2026-04-09T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87586
published_at	2026-04-11T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87582
published_at	2026-04-12T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87579
published_at	2026-04-13T12:55:00Z

value	0.03487
scoring_system	epss
scoring_elements	0.87593
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9495

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495

reference_url

http://www.openwall.com/lists/oss-security/2015/01/10/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/

url

http://www.openwall.com/lists/oss-security/2015/01/10/1

reference_url

http://www.securitytracker.com/id/1031444

reference_id

1031444

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/

url

http://www.securitytracker.com/id/1031444

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1179186
reference_id	1179186
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1179186

reference_url

http://www.openwall.com/lists/oss-security/2015/01/04/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/

url

http://www.openwall.com/lists/oss-security/2015/01/04/3

reference_url

http://www.openwall.com/lists/oss-security/2015/01/10/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/

url

http://www.openwall.com/lists/oss-security/2015/01/10/3

reference_url

http://sourceforge.net/p/png-mng/mailman/message/33172831/

reference_id

33172831

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/

url

http://sourceforge.net/p/png-mng/mailman/message/33172831/

reference_url

http://sourceforge.net/p/png-mng/mailman/message/33173461/

reference_id

33173461

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/

url

http://sourceforge.net/p/png-mng/mailman/message/33173461/

reference_url

reference_id

62725

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/

url

http://www.securityfocus.com/bid/71820

reference_url

reference_id

71820

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/

url

http://www.securityfocus.com/bid/71820

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823
reference_id	773823
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824
reference_id	773824
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2014-9495
reference_id	CVE-2014-9495
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2014-9495

reference_url	https://security.gentoo.org/glsa/201502-10
reference_id	GLSA-201502-10
reference_type
scores
url	https://security.gentoo.org/glsa/201502-10

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.16-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2014-9495

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mxh6-rpb3-tbbq

url VCID-n4kj-urjq-2uav

vulnerability_id VCID-n4kj-urjq-2uav

summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64720

reference_id

reference_type

scores

value	0.00101
scoring_system	epss
scoring_elements	0.27983
published_at	2026-04-02T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27831
published_at	2026-04-16T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.28025
published_at	2026-04-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27816
published_at	2026-04-07T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27883
published_at	2026-04-12T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27924
published_at	2026-04-09T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27925
published_at	2026-04-11T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27824
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643

reference_id

08da33b4c88cfcd36e5a706558a8d7e0e4773643

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/

url

https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217
reference_id	1121217
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416904
reference_id	2416904
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416904

reference_url

https://github.com/pnggroup/libpng/issues/686

reference_id

686

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/

url

https://github.com/pnggroup/libpng/issues/686

reference_url

https://github.com/pnggroup/libpng/pull/751

reference_id

751

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/

url

https://github.com/pnggroup/libpng/pull/751

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

reference_id

GHSA-hfc7-ph9c-wcww

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

reference_url	https://security.gentoo.org/glsa/202511-06
reference_id	GLSA-202511-06
reference_type
scores
url	https://security.gentoo.org/glsa/202511-06

reference_url	https://access.redhat.com/errata/RHSA-2026:0125
reference_id	RHSA-2026:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0125

reference_url	https://access.redhat.com/errata/RHSA-2026:0210
reference_id	RHSA-2026:0210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0210

reference_url	https://access.redhat.com/errata/RHSA-2026:0211
reference_id	RHSA-2026:0211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0211

reference_url	https://access.redhat.com/errata/RHSA-2026:0212
reference_id	RHSA-2026:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0212

reference_url	https://access.redhat.com/errata/RHSA-2026:0216
reference_id	RHSA-2026:0216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0216

reference_url	https://access.redhat.com/errata/RHSA-2026:0234
reference_id	RHSA-2026:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0234

reference_url	https://access.redhat.com/errata/RHSA-2026:0237
reference_id	RHSA-2026:0237
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0237

reference_url	https://access.redhat.com/errata/RHSA-2026:0238
reference_id	RHSA-2026:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0238

reference_url	https://access.redhat.com/errata/RHSA-2026:0241
reference_id	RHSA-2026:0241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0241

reference_url	https://access.redhat.com/errata/RHSA-2026:0251
reference_id	RHSA-2026:0251
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0251

reference_url	https://access.redhat.com/errata/RHSA-2026:0313
reference_id	RHSA-2026:0313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0313

reference_url	https://access.redhat.com/errata/RHSA-2026:0321
reference_id	RHSA-2026:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0321

reference_url	https://access.redhat.com/errata/RHSA-2026:0322
reference_id	RHSA-2026:0322
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0322

reference_url	https://access.redhat.com/errata/RHSA-2026:0323
reference_id	RHSA-2026:0323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0323

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0847
reference_id	RHSA-2026:0847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0847

reference_url	https://access.redhat.com/errata/RHSA-2026:0848
reference_id	RHSA-2026:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0848

reference_url	https://access.redhat.com/errata/RHSA-2026:0849
reference_id	RHSA-2026:0849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0849

reference_url	https://access.redhat.com/errata/RHSA-2026:0895
reference_id	RHSA-2026:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0895

reference_url	https://access.redhat.com/errata/RHSA-2026:0897
reference_id	RHSA-2026:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0897

reference_url	https://access.redhat.com/errata/RHSA-2026:0899
reference_id	RHSA-2026:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0899

reference_url	https://access.redhat.com/errata/RHSA-2026:0901
reference_id	RHSA-2026:0901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0901

reference_url	https://access.redhat.com/errata/RHSA-2026:0927
reference_id	RHSA-2026:0927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0927

reference_url	https://access.redhat.com/errata/RHSA-2026:0928
reference_id	RHSA-2026:0928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0928

reference_url	https://access.redhat.com/errata/RHSA-2026:0932
reference_id	RHSA-2026:0932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0932

reference_url	https://access.redhat.com/errata/RHSA-2026:0933
reference_id	RHSA-2026:0933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0933

reference_url	https://usn.ubuntu.com/7924-1/
reference_id	USN-7924-1
reference_type
scores
url	https://usn.ubuntu.com/7924-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2025-64720

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kj-urjq-2uav

url VCID-nhbw-6tpy-pbh3

vulnerability_id VCID-nhbw-6tpy-pbh3

summary

Uncontrolled Resource Consumption
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0333

reference_id

reference_type

scores

value	0.00764
scoring_system	epss
scoring_elements	0.73361
published_at	2026-04-01T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73371
published_at	2026-04-02T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73395
published_at	2026-04-04T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73366
published_at	2026-04-07T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73403
published_at	2026-04-08T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73417
published_at	2026-04-09T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.7344
published_at	2026-04-11T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.7342
published_at	2026-04-12T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73412
published_at	2026-04-13T12:55:00Z

value	0.00764
scoring_system	epss
scoring_elements	0.73454
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0333

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1070985
reference_id	1070985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1070985

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2014-0333
reference_id	CVE-2014-0333
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2014-0333

reference_url	https://security.gentoo.org/glsa/201408-06
reference_id	GLSA-201408-06
reference_type
scores
url	https://security.gentoo.org/glsa/201408-06

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2014-0333

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbw-6tpy-pbh3

url VCID-p6b5-1ba6-b3f8

vulnerability_id VCID-p6b5-1ba6-b3f8

summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64506

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07201
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07207
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07245
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07223
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07304
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.073
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07286
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07276
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218
reference_id	1121218
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416906
reference_id	2416906
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416906

reference_url

https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821

reference_id

2bd84c019c300b78e811743fbcddb67c9d9bf821

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/

url

https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821

reference_url

https://github.com/pnggroup/libpng/pull/749

reference_id

749

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/

url

https://github.com/pnggroup/libpng/pull/749

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6

reference_id

GHSA-qpr4-xm66-hww6

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6

reference_url	https://security.gentoo.org/glsa/202511-06
reference_id	GLSA-202511-06
reference_type
scores
url	https://security.gentoo.org/glsa/202511-06

reference_url	https://usn.ubuntu.com/7924-1/
reference_id	USN-7924-1
reference_type
scores
url	https://usn.ubuntu.com/7924-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2025-64506

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6b5-1ba6-b3f8

url VCID-ptgq-884e-mkft

vulnerability_id VCID-ptgq-884e-mkft

summary libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33636

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09418
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09521
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09433
published_at	2026-04-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09508
published_at	2026-04-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09555
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09569
published_at	2026-04-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0954
published_at	2026-04-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09524
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10217
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013
reference_id	1132013
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451819
reference_id	2451819
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451819

reference_url

https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_id

7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_url

https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_id

aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

reference_id

GHSA-wjr5-c57x-95m2

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2026-33636

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft

url VCID-q3qv-kycc-eqfw

vulnerability_id VCID-q3qv-kycc-eqfw

summary

Divide By Zero
In libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-13785

reference_id

reference_type

scores

value	0.02919
scoring_system	epss
scoring_elements	0.86407
published_at	2026-04-16T12:55:00Z

value	0.02919
scoring_system	epss
scoring_elements	0.86374
published_at	2026-04-08T12:55:00Z

value	0.02919
scoring_system	epss
scoring_elements	0.86384
published_at	2026-04-09T12:55:00Z

value	0.02919
scoring_system	epss
scoring_elements	0.86397
published_at	2026-04-11T12:55:00Z

value	0.02919
scoring_system	epss
scoring_elements	0.86396
published_at	2026-04-12T12:55:00Z

value	0.02919
scoring_system	epss
scoring_elements	0.8639
published_at	2026-04-13T12:55:00Z

value	0.02997
scoring_system	epss
scoring_elements	0.86527
published_at	2026-04-04T12:55:00Z

value	0.02997
scoring_system	epss
scoring_elements	0.86498
published_at	2026-04-01T12:55:00Z

value	0.02997
scoring_system	epss
scoring_elements	0.86526
published_at	2026-04-07T12:55:00Z

value	0.02997
scoring_system	epss
scoring_elements	0.86508
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-13785

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
reference_id
reference_type
scores
url	https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2

reference_url	https://security.netapp.com/advisory/ntap-20181018-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20181018-0001/

reference_url	https://sourceforge.net/p/libpng/bugs/278/
reference_id
reference_type
scores
url	https://sourceforge.net/p/libpng/bugs/278/

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url	http://www.securityfocus.com/bid/105599
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105599

reference_url	http://www.securitytracker.com/id/1041889
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041889

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1599943
reference_id	1599943
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1599943

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430
reference_id	903430
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.34:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:::::::*
reference_id	cpe:2.3:a:oracle:jdk:11.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201::::::
reference_id	cpe:2.3:a:oracle:jdk:1.6.0:update201::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191::::::
reference_id	cpe:2.3:a:oracle:jdk:1.7.0:update191::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181::::::
reference_id	cpe:2.3:a:oracle:jdk:1.8.0:update181::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:::::::*
reference_id	cpe:2.3:a:oracle:jre:11.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201::::::
reference_id	cpe:2.3:a:oracle:jre:1.6.0:update201::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191::::::
reference_id	cpe:2.3:a:oracle:jre:1.7.0:update191::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181::::::
reference_id	cpe:2.3:a:oracle:jre:1.8.0:update181::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-13785

reference_id

CVE-2018-13785

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-13785

reference_url	https://security.gentoo.org/glsa/201908-10
reference_id	GLSA-201908-10
reference_type
scores
url	https://security.gentoo.org/glsa/201908-10

reference_url	https://access.redhat.com/errata/RHSA-2018:3000
reference_id	RHSA-2018:3000
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3000

reference_url	https://access.redhat.com/errata/RHSA-2018:3001
reference_id	RHSA-2018:3001
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3001

reference_url	https://access.redhat.com/errata/RHSA-2018:3002
reference_id	RHSA-2018:3002
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3002

reference_url	https://access.redhat.com/errata/RHSA-2018:3003
reference_id	RHSA-2018:3003
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3003

reference_url	https://access.redhat.com/errata/RHSA-2018:3007
reference_id	RHSA-2018:3007
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3007

reference_url	https://access.redhat.com/errata/RHSA-2018:3008
reference_id	RHSA-2018:3008
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3008

reference_url	https://access.redhat.com/errata/RHSA-2018:3533
reference_id	RHSA-2018:3533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3533

reference_url	https://access.redhat.com/errata/RHSA-2018:3534
reference_id	RHSA-2018:3534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3534

reference_url	https://access.redhat.com/errata/RHSA-2018:3671
reference_id	RHSA-2018:3671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3671

reference_url	https://access.redhat.com/errata/RHSA-2018:3672
reference_id	RHSA-2018:3672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3672

reference_url	https://access.redhat.com/errata/RHSA-2018:3779
reference_id	RHSA-2018:3779
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3779

reference_url	https://access.redhat.com/errata/RHSA-2018:3852
reference_id	RHSA-2018:3852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3852

reference_url	https://usn.ubuntu.com/3712-1/
reference_id	USN-3712-1
reference_type
scores
url	https://usn.ubuntu.com/3712-1/

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.34-2?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.34-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.34-2%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2018-13785

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3qv-kycc-eqfw

url VCID-rm7f-ybuf-dyfq

vulnerability_id VCID-rm7f-ybuf-dyfq

summary libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22695

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.08627
published_at	2026-04-02T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08548
published_at	2026-04-16T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08678
published_at	2026-04-04T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08597
published_at	2026-04-07T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08671
published_at	2026-04-08T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08696
published_at	2026-04-11T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08673
published_at	2026-04-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.0866
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22695

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443
reference_id	1125443
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443

reference_url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_id

218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428825
reference_id	2428825
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428825

reference_url

https://github.com/pnggroup/libpng/issues/778

reference_id

778

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/issues/778

reference_url

https://github.com/pnggroup/libpng/commit/e4f7ad4ea2

reference_id

e4f7ad4ea2

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/commit/e4f7ad4ea2

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

reference_id

GHSA-mmq5-27w3-rxpp

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

reference_url	https://access.redhat.com/errata/RHSA-2026:3405
reference_id	RHSA-2026:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3405

reference_url	https://access.redhat.com/errata/RHSA-2026:3551
reference_id	RHSA-2026:3551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3551

reference_url	https://access.redhat.com/errata/RHSA-2026:3573
reference_id	RHSA-2026:3573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3573

reference_url	https://access.redhat.com/errata/RHSA-2026:3574
reference_id	RHSA-2026:3574
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3574

reference_url	https://access.redhat.com/errata/RHSA-2026:3575
reference_id	RHSA-2026:3575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3575

reference_url	https://access.redhat.com/errata/RHSA-2026:3576
reference_id	RHSA-2026:3576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3576

reference_url	https://access.redhat.com/errata/RHSA-2026:3577
reference_id	RHSA-2026:3577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3577

reference_url	https://access.redhat.com/errata/RHSA-2026:4306
reference_id	RHSA-2026:4306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4306

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4728
reference_id	RHSA-2026:4728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4728

reference_url	https://access.redhat.com/errata/RHSA-2026:4729
reference_id	RHSA-2026:4729
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4729

reference_url	https://access.redhat.com/errata/RHSA-2026:4730
reference_id	RHSA-2026:4730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4730

reference_url	https://access.redhat.com/errata/RHSA-2026:4731
reference_id	RHSA-2026:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4731

reference_url	https://access.redhat.com/errata/RHSA-2026:4732
reference_id	RHSA-2026:4732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4732

reference_url	https://access.redhat.com/errata/RHSA-2026:5606
reference_id	RHSA-2026:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5606

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gk2b-sstt-2fgh

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.54-1%3Fdistro=trixie

url pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

purl pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie

url	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
purl	pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie

aliases CVE-2026-22695

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7f-ybuf-dyfq

url VCID-una1-4acn-s3dy

vulnerability_id VCID-una1-4acn-s3dy

summary

Heap-based Buffer Overflow
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7353.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7353.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-7353

reference_id

reference_type

scores

value	0.00412
scoring_system	epss
scoring_elements	0.61351
published_at	2026-04-01T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61428
published_at	2026-04-02T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61474
published_at	2026-04-08T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61489
published_at	2026-04-09T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.6151
published_at	2026-04-11T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61497
published_at	2026-04-12T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61477
published_at	2026-04-13T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61517
published_at	2026-04-16T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61456
published_at	2026-04-04T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61427
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-7353

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1086514
reference_id	1086514
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1086514

reference_url

reference_id

199

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/

url

http://www.securityfocus.com/bid/67345

reference_url

reference_id

67345

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/

url

http://www.securityfocus.com/bid/67345

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/

url