Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/928247?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "libpng1.6", "version": "1.6.39-2+deb12u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.39-2+deb12u2", "latest_non_vulnerable_version": "1.6.57-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64864?format=api", "vulnerability_id": "VCID-uxj6-4181-rygt", "summary": "libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03304", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0444", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04497", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04513", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04503", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04471", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04464", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433398", "reference_id": "2433398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433398" }, { "reference_url": "https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20", "reference_id": "506516f8c22178005b4379c8b2a7de20", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/" } ], "url": "https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/655", "reference_id": "655", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/655" }, { "reference_url": "https://usn.ubuntu.com/7993-1/", "reference_id": "USN-7993-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7993-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928260?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.47-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.47-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-28164" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxj6-4181-rygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64865?format=api", "vulnerability_id": "VCID-uxqz-nx2v-6yc5", "summary": "libpng: libpng: Denial of Service via buffer overflow in pngimage utility", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03304", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0444", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04497", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04513", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04503", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04471", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04464", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-28162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433407", "reference_id": "2433407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433407" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/656", "reference_id": "656", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/656" }, { "reference_url": "https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60", "reference_id": "fbfdb9b5610c6b3db0d5dea045a07c60", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/" } ], "url": "https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60" }, { "reference_url": "https://usn.ubuntu.com/7993-1/", "reference_id": "USN-7993-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7993-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928260?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.47-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.47-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-28162" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxqz-nx2v-6yc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351001?format=api", "vulnerability_id": "VCID-zmjn-418h-ebg8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34757", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01728", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01717", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01718", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0348", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051", "reference_id": "1133051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456918", "reference_id": "2456918", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456918" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", "reference_id": "398cbe3df03f4e11bb031e07f416dfdde3684e8a", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", "reference_id": "55d20aaa322c9274491cda82c5cd4f99b48c6bcc", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/836", "reference_id": "836", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/836" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/837", "reference_id": "837", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/837" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", "reference_id": "GHSA-6fr7-g8h7-v645", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-34757" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zmjn-418h-ebg8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9619?format=api", "vulnerability_id": "VCID-2xdm-ndp3-47f4", "summary": "Improper Handling of Exceptional Conditions\nAn issue has been found in libpng It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74473", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74557", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74547", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74519", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74476", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74478", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.7451", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00829", "scoring_system": "epss", "scoring_elements": "0.74525", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/fouzhe/security/tree/master/libpng", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/fouzhe/security/tree/master/libpng" }, { "reference_url": "https://github.com/glennrp/libpng/issues/238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/glennrp/libpng/issues/238" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/30", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "reference_url": "https://security.gentoo.org/glsa/201908-02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-02" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608073", "reference_id": "1608073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608073" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14048", "reference_id": "CVE-2018-14048", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14048" }, { "reference_url": "https://usn.ubuntu.com/5432-1/", "reference_id": "USN-5432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5432-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5432-2/", "reference_id": "USN-USN-5432-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5432-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928257?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14048" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xdm-ndp3-47f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7052?format=api", "vulnerability_id": "VCID-3ggs-vja8-r3de", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nBuffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0973.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0973.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0973", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83617", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.8363", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83646", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.8367", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83694", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83687", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83683", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02006", "scoring_system": "epss", "scoring_elements": "0.83718", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/10/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177327", "reference_id": "1177327", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1177327" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/10/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "reference_url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/", "reference_id": "33173461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "reference_url": "http://secunia.com/advisories/62725", "reference_id": "62725", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://secunia.com/advisories/62725" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823", "reference_id": "773823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673", "reference_id": "775673", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0973", "reference_id": "CVE-2015-0973", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0973" }, { "reference_url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt", "reference_id": "libpng_heap_overflow_1.6.15.txt", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240719-0005/", "reference_id": "ntap-20240719-0005", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240719-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928252?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0973" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ggs-vja8-r3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10855?format=api", "vulnerability_id": "VCID-663w-wmsg-zkc5", "summary": "Out-of-bounds Write\nAn issue has been found in third-party PNM decoding associated with libpng It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82728", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82682", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.8269", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82695", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.827", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82623", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82639", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82654", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.8265", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82676", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token" }, { "reference_url": "https://github.com/glennrp/libpng", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/glennrp/libpng" }, { "reference_url": "https://github.com/glennrp/libpng/issues/246", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/glennrp/libpng/issues/246" }, { "reference_url": "https://security.gentoo.org/glsa/201908-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201908-02" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221028-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221028-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221028-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221028-0001/" }, { "reference_url": "https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608800", "reference_id": "1608800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1608800" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14550", "reference_id": "CVE-2018-14550", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14550" }, { "reference_url": "https://github.com/advisories/GHSA-qwwr-qc2p-6283", "reference_id": "GHSA-qwwr-qc2p-6283", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qwwr-qc2p-6283" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928257?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14550", "GHSA-qwwr-qc2p-6283" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-663w-wmsg-zkc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42454?format=api", "vulnerability_id": "VCID-7923-9g38-jqc3", "summary": "Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26497", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26351", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26541", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.2639", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26441", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26449", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26403", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26344", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216", "reference_id": "1121216", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d", "reference_id": "16b5e3823918840aae65c0a6da57c78a5a496a4d", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_id": "218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "reference_id": "2416907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/755", "reference_id": "755", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/755" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/757", "reference_id": "757", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/757" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g", "reference_id": "GHSA-7wv6-48j4-hj3g", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g" }, { "reference_url": "https://security.gentoo.org/glsa/202511-06", "reference_id": "GLSA-202511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0125", "reference_id": "RHSA-2026:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0210", "reference_id": "RHSA-2026:0210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0211", "reference_id": "RHSA-2026:0211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0212", "reference_id": "RHSA-2026:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0216", "reference_id": "RHSA-2026:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0234", "reference_id": "RHSA-2026:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0237", "reference_id": "RHSA-2026:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0238", "reference_id": "RHSA-2026:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0241", "reference_id": "RHSA-2026:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0313", "reference_id": "RHSA-2026:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0321", "reference_id": "RHSA-2026:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0322", "reference_id": "RHSA-2026:0322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0323", "reference_id": "RHSA-2026:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://usn.ubuntu.com/7924-1/", "reference_id": "USN-7924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7924-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928261?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928263?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928262?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-65018" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7923-9g38-jqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65169?format=api", "vulnerability_id": "VCID-7qam-er5a-gbas", "summary": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04618", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04625", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04692", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04674", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04658", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04642", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04654", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.047", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444", "reference_id": "1125444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "reference_id": "2428824", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", "reference_id": "GHSA-vgjq-8cw5-ggw8", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928266?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928265?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928268?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928267?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.54-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22801" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7qam-er5a-gbas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10852?format=api", "vulnerability_id": "VCID-8g2j-rqsk-zqfh", "summary": "Improper Input Validation\nlibpng does not properly check the length of chunks against the user limit.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70008", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.7002", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70113", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70034", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70011", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70075", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70098", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.70083", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00621", "scoring_system": "epss", "scoring_elements": "0.7007", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/109269", "reference_id": "109269", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "http://www.securityfocus.com/bid/109269" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733956", "reference_id": "1733956", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733956" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55", "reference_id": "347538efbdc21b8df684ebd92d37400b3ce85d55", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55" }, { "reference_url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE", "reference_id": "ANNOUNCE", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12652", "reference_id": "CVE-2017-12652", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12652" }, { "reference_url": "https://support.f5.com/csp/article/K88124225", "reference_id": "K88124225", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://support.f5.com/csp/article/K88124225" }, { "reference_url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS", "reference_id": "K88124225?utm_source=f5support&utm_medium=RSS", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220506-0003/", "reference_id": "ntap-20220506-0003", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220506-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3901", "reference_id": "RHSA-2020:3901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3901" }, { "reference_url": "https://usn.ubuntu.com/5432-1/", "reference_id": "USN-5432-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5432-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5432-2/", "reference_id": "USN-USN-5432-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5432-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928255?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.32-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.32-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-12652" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8g2j-rqsk-zqfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7279?format=api", "vulnerability_id": "VCID-9d14-kqac-nbbt", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nBuffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2594.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2595.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-2596.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0055.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0056.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0057.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.90218", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.902", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.90156", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.90159", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.90171", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.90176", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.90192", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.90197", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05471", "scoring_system": "epss", "scoring_elements": "0.90206", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10148" }, { "reference_url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/" }, { "reference_url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/" }, { "reference_url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/" }, { "reference_url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/" }, { "reference_url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/" }, { "reference_url": "https://support.apple.com/HT206167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT206167" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3443", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3443" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/12/03/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/12/03/6" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "reference_url": "http://www.securityfocus.com/bid/78624", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/78624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281756", "reference_id": "1281756", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281756" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112", "reference_id": "807112", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8472", "reference_id": "CVE-2015-8472", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2594", "reference_id": "RHSA-2015:2594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2595", "reference_id": "RHSA-2015:2595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2596", "reference_id": "RHSA-2015:2596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0055", "reference_id": "RHSA-2016:0055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0056", "reference_id": "RHSA-2016:0056", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0056" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0057", "reference_id": "RHSA-2016:0057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0098", "reference_id": "RHSA-2016:0098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0099", "reference_id": "RHSA-2016:0099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0100", "reference_id": "RHSA-2016:0100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0101", "reference_id": "RHSA-2016:0101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1430", "reference_id": "RHSA-2016:1430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1430" }, { "reference_url": "https://usn.ubuntu.com/2861-1/", "reference_id": "USN-2861-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2861-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928253?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.20-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.20-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-8472" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d14-kqac-nbbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63979?format=api", "vulnerability_id": "VCID-dm7h-c7wt-1kbs", "summary": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12775", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13064", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12864", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12943", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12994", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12954", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12919", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12874", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15898", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33416" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012", "reference_id": "1132012", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", "reference_id": "23019269764e35ed8458e517f1897bd3c54820eb", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "reference_id": "2451805", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "reference_id": "7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/824", "reference_id": "824", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/824" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "reference_id": "a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "reference_id": "c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", "reference_id": "GHSA-m4pc-p4q3-4c7j", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928272?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928271?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928273?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33416" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10277?format=api", "vulnerability_id": "VCID-fx8t-41tv-hkdu", "summary": "Use After Free\npng_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html" }, { "reference_url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68464", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68426", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.6836", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68458", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.6847", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68444", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68427", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68381", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.684", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7317" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/glennrp/libpng/issues/275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/glennrp/libpng/issues/275" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/30", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/30" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/36" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/May/56" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/59", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/May/59" }, { "reference_url": "https://seclists.org/bugtraq/2019/May/67", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/May/67" }, { "reference_url": "https://security.gentoo.org/glsa/201908-02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-02" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190719-0005/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4435", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4435" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4448" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4451" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.securityfocus.com/bid/108098", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/108098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409", "reference_id": "1672409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672409" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355", "reference_id": "921355", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355" }, { "reference_url": "https://security.archlinux.org/ASA-201904-10", "reference_id": "ASA-201904-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-10" }, { "reference_url": "https://security.archlinux.org/ASA-201905-8", "reference_id": "ASA-201905-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-8" }, { "reference_url": "https://security.archlinux.org/ASA-201905-9", "reference_id": "ASA-201905-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-9" }, { "reference_url": "https://security.archlinux.org/AVG-868", "reference_id": "AVG-868", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-868" }, { "reference_url": "https://security.archlinux.org/AVG-965", "reference_id": "AVG-965", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-965" }, { "reference_url": "https://security.archlinux.org/AVG-966", "reference_id": "AVG-966", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-966" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*", "reference_id": "cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*", "reference_id": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*", "reference_id": "cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "reference_id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "reference_id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*", "reference_id": "cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*", "reference_id": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*", "reference_id": "cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*", "reference_id": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*", "reference_id": "cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317", "reference_id": "CVE-2019-7317", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7317" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13", "reference_id": "mfsa2019-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-13" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14", "reference_id": "mfsa2019-14", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15", "reference_id": "mfsa2019-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1265", "reference_id": "RHSA-2019:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1267", "reference_id": "RHSA-2019:1267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1269", "reference_id": "RHSA-2019:1269", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1308", "reference_id": "RHSA-2019:1308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1309", "reference_id": "RHSA-2019:1309", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1309" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1310", "reference_id": "RHSA-2019:1310", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1310" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2494", "reference_id": "RHSA-2019:2494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2495", "reference_id": "RHSA-2019:2495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2585", "reference_id": "RHSA-2019:2585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2590", "reference_id": "RHSA-2019:2590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2592", "reference_id": "RHSA-2019:2592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2737", "reference_id": "RHSA-2019:2737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2737" }, { "reference_url": "https://usn.ubuntu.com/3962-1/", "reference_id": "USN-3962-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3962-1/" }, { "reference_url": "https://usn.ubuntu.com/3991-1/", "reference_id": "USN-3991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3991-1/" }, { "reference_url": "https://usn.ubuntu.com/3997-1/", "reference_id": "USN-3997-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3997-1/" }, { "reference_url": "https://usn.ubuntu.com/4080-1/", "reference_id": "USN-4080-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4080-1/" }, { "reference_url": "https://usn.ubuntu.com/4083-1/", "reference_id": "USN-4083-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4083-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928259?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.36-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-7317" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fx8t-41tv-hkdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82879?format=api", "vulnerability_id": "VCID-gk2b-sstt-2fgh", "summary": "libpng: memory leak of png_info struct in pngcp.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51731", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51877", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5185", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51835", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51806", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51767", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51822", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51819", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5187", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6129" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129" }, { "reference_url": "https://github.com/glennrp/libpng/issues/269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/glennrp/libpng/issues/269" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667127", "reference_id": "1667127", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1667127" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6129", "reference_id": "CVE-2019-6129", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6129" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928258?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-6129" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gk2b-sstt-2fgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6936?format=api", "vulnerability_id": "VCID-h89j-mr17-rua9", "summary": "Uncontrolled Resource Consumption\nMultiple integer overflows in libpng rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7354.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68438", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68452", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68502", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.6852", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68546", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68533", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68542", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00567", "scoring_system": "epss", "scoring_elements": "0.68476", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086516", "reference_id": "1086516", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086516" }, { "reference_url": "http://sourceforge.net/p/libpng/bugs/199/", "reference_id": "199", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/" } ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "reference_url": "http://www.securityfocus.com/bid/67344", "reference_id": "67344", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/" } ], "url": "http://www.securityfocus.com/bid/67344" }, { "reference_url": "http://seclists.org/oss-sec/2014/q2/83", "reference_id": "83", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/" } ], "url": "http://seclists.org/oss-sec/2014/q2/83" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7354", "reference_id": "CVE-2013-7354", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7354" }, { "reference_url": "https://security.gentoo.org/glsa/201408-06", "reference_id": "GLSA-201408-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-06" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928248?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-7354" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h89j-mr17-rua9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66390?format=api", "vulnerability_id": "VCID-j7dk-wzkm-tfcr", "summary": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24185", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30342", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30511", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30323", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30382", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30416", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30418", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30374", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30326", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66293" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877", "reference_id": "1121877", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "reference_id": "2418711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/764", "reference_id": "764", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/764" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", "reference_id": "788a624d7387a758ffd5c7ab010f1870dea753a1", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", "reference_id": "a05a48b756de63e3234ea6b3b938b8f5f862484a", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", "reference_id": "GHSA-9mpm-9pxh-mg4f", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0125", "reference_id": "RHSA-2026:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0210", "reference_id": "RHSA-2026:0210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0211", "reference_id": "RHSA-2026:0211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0212", "reference_id": "RHSA-2026:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0216", "reference_id": "RHSA-2026:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0234", "reference_id": "RHSA-2026:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0237", "reference_id": "RHSA-2026:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0238", "reference_id": "RHSA-2026:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0241", "reference_id": "RHSA-2026:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0313", "reference_id": "RHSA-2026:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0321", "reference_id": "RHSA-2026:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0322", "reference_id": "RHSA-2026:0322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0323", "reference_id": "RHSA-2026:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2072", "reference_id": "RHSA-2026:2072", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2072" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2633", "reference_id": "RHSA-2026:2633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2659", "reference_id": "RHSA-2026:2659", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2659" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2671", "reference_id": "RHSA-2026:2671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2974", "reference_id": "RHSA-2026:2974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3415", "reference_id": "RHSA-2026:3415", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3415" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3861", "reference_id": "RHSA-2026:3861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4419", "reference_id": "RHSA-2026:4419", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4419" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928261?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928263?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928264?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.52-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.52-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-66293" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7dk-wzkm-tfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42451?format=api", "vulnerability_id": "VCID-kwag-k17x-kyaj", "summary": "Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07207", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07223", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07278", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07304", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.073", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07276", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219", "reference_id": "1121219", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416905", "reference_id": "2416905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416905" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37", "reference_id": "6a528eb5fd0dd7f6de1c39d30de0e41473431c37", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/748", "reference_id": "748", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/748" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42", "reference_id": "GHSA-4952-h5wq-4m42", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42" }, { "reference_url": "https://security.gentoo.org/glsa/202511-06", "reference_id": "GLSA-202511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-06" }, { "reference_url": "https://usn.ubuntu.com/7924-1/", "reference_id": "USN-7924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7924-1/" }, { "reference_url": "https://usn.ubuntu.com/8081-1/", "reference_id": "USN-8081-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8081-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928261?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928263?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928262?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-64505" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwag-k17x-kyaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7047?format=api", "vulnerability_id": "VCID-mxh6-rpb3-tbbq", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9495", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87524", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87547", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87549", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87568", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87586", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87582", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87579", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03487", "scoring_system": "epss", "scoring_elements": "0.87593", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9495" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/10/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/1" }, { "reference_url": "http://www.securitytracker.com/id/1031444", "reference_id": "1031444", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.securitytracker.com/id/1031444" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179186", "reference_id": "1179186", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179186" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/04/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/04/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/01/10/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2015/01/10/3" }, { "reference_url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/", "reference_id": "33172831", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33172831/" }, { "reference_url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/", "reference_id": "33173461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://sourceforge.net/p/png-mng/mailman/message/33173461/" }, { "reference_url": "http://secunia.com/advisories/62725", "reference_id": "62725", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://secunia.com/advisories/62725" }, { "reference_url": "http://www.securityfocus.com/bid/71820", "reference_id": "71820", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/" } ], "url": "http://www.securityfocus.com/bid/71820" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823", "reference_id": "773823", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824", "reference_id": "773824", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9495", "reference_id": "CVE-2014-9495", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9495" }, { "reference_url": "https://security.gentoo.org/glsa/201502-10", "reference_id": "GLSA-201502-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928252?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.16-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-9495" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxh6-rpb3-tbbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42453?format=api", "vulnerability_id": "VCID-n4kj-urjq-2uav", "summary": "Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27983", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27831", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.28025", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27883", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27924", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27925", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27824", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64720" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643", "reference_id": "08da33b4c88cfcd36e5a706558a8d7e0e4773643", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217", "reference_id": "1121217", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "reference_id": "2416904", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/686", "reference_id": "686", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/686" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/751", "reference_id": "751", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/751" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww", "reference_id": "GHSA-hfc7-ph9c-wcww", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww" }, { "reference_url": "https://security.gentoo.org/glsa/202511-06", "reference_id": "GLSA-202511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0125", "reference_id": "RHSA-2026:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0210", "reference_id": "RHSA-2026:0210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0211", "reference_id": "RHSA-2026:0211", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0211" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0212", "reference_id": "RHSA-2026:0212", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0212" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0216", "reference_id": "RHSA-2026:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0234", "reference_id": "RHSA-2026:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0237", "reference_id": "RHSA-2026:0237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0238", "reference_id": "RHSA-2026:0238", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0238" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0241", "reference_id": "RHSA-2026:0241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0251", "reference_id": "RHSA-2026:0251", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0251" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0313", "reference_id": "RHSA-2026:0313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0313" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0321", "reference_id": "RHSA-2026:0321", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0321" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0322", "reference_id": "RHSA-2026:0322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0323", "reference_id": "RHSA-2026:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0323" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0847", "reference_id": "RHSA-2026:0847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0848", "reference_id": "RHSA-2026:0848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0849", "reference_id": "RHSA-2026:0849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0895", "reference_id": "RHSA-2026:0895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0897", "reference_id": "RHSA-2026:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0899", "reference_id": "RHSA-2026:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0901", "reference_id": "RHSA-2026:0901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0927", "reference_id": "RHSA-2026:0927", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0928", "reference_id": "RHSA-2026:0928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0932", "reference_id": "RHSA-2026:0932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0933", "reference_id": "RHSA-2026:0933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0933" }, { "reference_url": "https://usn.ubuntu.com/7924-1/", "reference_id": "USN-7924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7924-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928261?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928263?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928262?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-64720" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kj-urjq-2uav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6907?format=api", "vulnerability_id": "VCID-nhbw-6tpy-pbh3", "summary": "Uncontrolled Resource Consumption\nThe png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73361", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73371", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73395", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73403", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73417", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.7344", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.7342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73412", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73454", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070985", "reference_id": "1070985", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070985" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0333", "reference_id": "CVE-2014-0333", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0333" }, { "reference_url": "https://security.gentoo.org/glsa/201408-06", "reference_id": "GLSA-201408-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928248?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0333" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbw-6tpy-pbh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42452?format=api", "vulnerability_id": "VCID-p6b5-1ba6-b3f8", "summary": "Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07207", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07223", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07278", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07304", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.073", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07276", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-64506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218", "reference_id": "1121218", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416906", "reference_id": "2416906", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416906" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821", "reference_id": "2bd84c019c300b78e811743fbcddb67c9d9bf821", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821" }, { "reference_url": "https://github.com/pnggroup/libpng/pull/749", "reference_id": "749", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/" } ], "url": "https://github.com/pnggroup/libpng/pull/749" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6", "reference_id": "GHSA-qpr4-xm66-hww6", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6" }, { "reference_url": "https://security.gentoo.org/glsa/202511-06", "reference_id": "GLSA-202511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202511-06" }, { "reference_url": "https://usn.ubuntu.com/7924-1/", "reference_id": "USN-7924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7924-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928261?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928263?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928262?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-64506" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6b5-1ba6-b3f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63978?format=api", "vulnerability_id": "VCID-ptgq-884e-mkft", "summary": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09521", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09508", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09569", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0954", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10217", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33636" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013", "reference_id": "1132013", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "reference_id": "2451819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", "reference_id": "7734cda20cf1236aef60f3bbd2267c97bbb40869", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", "reference_id": "aba9f18eba870d14fb52c5ba5d73451349e339c3", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", "reference_id": "GHSA-wjr5-c57x-95m2", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7671", "reference_id": "RHSA-2026:7671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7672", "reference_id": "RHSA-2026:7672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8052", "reference_id": "RHSA-2026:8052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8052" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928272?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928271?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928273?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33636" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9572?format=api", "vulnerability_id": "VCID-q3qv-kycc-eqfw", "summary": "Divide By Zero\nIn libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02919", "scoring_system": "epss", "scoring_elements": "0.86407", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02919", "scoring_system": "epss", "scoring_elements": "0.86374", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02919", "scoring_system": "epss", "scoring_elements": "0.86384", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02919", "scoring_system": "epss", "scoring_elements": "0.86397", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02919", "scoring_system": "epss", "scoring_elements": "0.86396", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02919", "scoring_system": "epss", "scoring_elements": "0.8639", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86527", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86498", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86526", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86508", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13785" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20181018-0001/" }, { "reference_url": "https://sourceforge.net/p/libpng/bugs/278/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://sourceforge.net/p/libpng/bugs/278/" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/105599", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105599" }, { "reference_url": "http://www.securitytracker.com/id/1041889", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041889" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599943", "reference_id": "1599943", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599943" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430", "reference_id": "903430", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13785", "reference_id": "CVE-2018-13785", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13785" }, { "reference_url": "https://security.gentoo.org/glsa/201908-10", "reference_id": "GLSA-201908-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3000", "reference_id": "RHSA-2018:3000", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3001", "reference_id": "RHSA-2018:3001", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3002", "reference_id": "RHSA-2018:3002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3003", "reference_id": "RHSA-2018:3003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3007", "reference_id": "RHSA-2018:3007", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3007" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3008", "reference_id": "RHSA-2018:3008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3533", "reference_id": "RHSA-2018:3533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3534", "reference_id": "RHSA-2018:3534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3671", "reference_id": "RHSA-2018:3671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3672", "reference_id": "RHSA-2018:3672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3779", "reference_id": "RHSA-2018:3779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3852", "reference_id": "RHSA-2018:3852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3852" }, { "reference_url": "https://usn.ubuntu.com/3712-1/", "reference_id": "USN-3712-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3712-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928256?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.34-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.34-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-13785" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3qv-kycc-eqfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65170?format=api", "vulnerability_id": "VCID-rm7f-ybuf-dyfq", "summary": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08627", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08548", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08597", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08671", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08696", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08673", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0866", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-22695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443", "reference_id": "1125443", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_id": "218612ddd6b17944e21eda56caf8b4bf7779d1ea", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "reference_id": "2428825", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825" }, { "reference_url": "https://github.com/pnggroup/libpng/issues/778", "reference_id": "778", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/issues/778" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", "reference_id": "e4f7ad4ea2", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", "reference_id": "GHSA-mmq5-27w3-rxpp", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://usn.ubuntu.com/7963-1/", "reference_id": "USN-7963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7963-1/" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928266?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928265?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928268?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928267?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.54-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-22695" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7f-ybuf-dyfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6937?format=api", "vulnerability_id": "VCID-una1-4acn-s3dy", "summary": "Heap-based Buffer Overflow\nInteger overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7353.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7353.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61351", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61428", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61474", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61489", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.6151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61497", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61477", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61517", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61456", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00412", "scoring_system": "epss", "scoring_elements": "0.61427", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086514", "reference_id": "1086514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086514" }, { "reference_url": "http://sourceforge.net/p/libpng/bugs/199/", "reference_id": "199", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/" } ], "url": "http://sourceforge.net/p/libpng/bugs/199/" }, { "reference_url": "http://www.securityfocus.com/bid/67345", "reference_id": "67345", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/" } ], "url": "http://www.securityfocus.com/bid/67345" }, { "reference_url": "http://seclists.org/oss-sec/2014/q2/83", "reference_id": "83", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/" } ], "url": "http://seclists.org/oss-sec/2014/q2/83" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7353", "reference_id": "CVE-2013-7353", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7353" }, { "reference_url": "https://security.gentoo.org/glsa/201408-06", "reference_id": "GLSA-201408-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-06" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928248?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-7353" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-una1-4acn-s3dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64639?format=api", "vulnerability_id": "VCID-xyhj-84d1-dqh3", "summary": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25646", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23042", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23103", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23085", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26176", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26135", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25646" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", "reference_id": "01d03b8453eb30ade759cd45c707e5a1c7277d88", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/" } ], "url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566", "reference_id": "1127566", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "reference_id": "2438542", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542" }, { "reference_url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", "reference_id": "GHSA-g8hp-mq4h-rqm3", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/" } ], "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3031", "reference_id": "RHSA-2026:3031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3405", "reference_id": "RHSA-2026:3405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3551", "reference_id": "RHSA-2026:3551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3551" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3573", "reference_id": "RHSA-2026:3573", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3573" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3574", "reference_id": "RHSA-2026:3574", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3574" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3575", "reference_id": "RHSA-2026:3575", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3575" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3576", "reference_id": "RHSA-2026:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3577", "reference_id": "RHSA-2026:3577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3968", "reference_id": "RHSA-2026:3968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3969", "reference_id": "RHSA-2026:3969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4221", "reference_id": "RHSA-2026:4221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4222", "reference_id": "RHSA-2026:4222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4306", "reference_id": "RHSA-2026:4306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4501", "reference_id": "RHSA-2026:4501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4728", "reference_id": "RHSA-2026:4728", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4728" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4729", "reference_id": "RHSA-2026:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4730", "reference_id": "RHSA-2026:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4731", "reference_id": "RHSA-2026:4731", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4731" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4732", "reference_id": "RHSA-2026:4732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4756", "reference_id": "RHSA-2026:4756", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4756" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5606", "reference_id": "RHSA-2026:5606", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5606" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6439", "reference_id": "RHSA-2026:6439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6445", "reference_id": "RHSA-2026:6445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6466", "reference_id": "RHSA-2026:6466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6467", "reference_id": "RHSA-2026:6467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6468", "reference_id": "RHSA-2026:6468", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6469", "reference_id": "RHSA-2026:6469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6553", "reference_id": "RHSA-2026:6553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7032", "reference_id": "RHSA-2026:7032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7033", "reference_id": "RHSA-2026:7033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7034", "reference_id": "RHSA-2026:7034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7035", "reference_id": "RHSA-2026:7035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7036", "reference_id": "RHSA-2026:7036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7243", "reference_id": "RHSA-2026:7243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7243" }, { "reference_url": "https://usn.ubuntu.com/8035-1/", "reference_id": "USN-8035-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8035-1/" }, { "reference_url": "https://usn.ubuntu.com/8039-1/", "reference_id": "USN-8039-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8039-1/" }, { "reference_url": "https://usn.ubuntu.com/8081-1/", "reference_id": "USN-8081-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8081-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928266?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928269?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928270?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.55-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.55-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-25646" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xyhj-84d1-dqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7800?format=api", "vulnerability_id": "VCID-zetn-zwnv-u7gf", "summary": "NULL Pointer Dereference\nThe png_set_text_2 function in libpng allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75969", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76032", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76027", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75972", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76004", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75983", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76016", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76031", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409617", "reference_id": "1409617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409617" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799", "reference_id": "849799", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799" }, { "reference_url": "https://security.archlinux.org/ASA-201701-2", "reference_id": "ASA-201701-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-2" }, { "reference_url": "https://security.archlinux.org/ASA-201701-5", "reference_id": "ASA-201701-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-5" }, { "reference_url": "https://security.archlinux.org/AVG-119", "reference_id": "AVG-119", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-119" }, { "reference_url": "https://security.archlinux.org/AVG-120", "reference_id": "AVG-120", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-120" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10087", "reference_id": "CVE-2016-10087", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10087" }, { "reference_url": "https://security.gentoo.org/glsa/201701-74", "reference_id": "GLSA-201701-74", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-74" }, { "reference_url": "https://usn.ubuntu.com/3712-1/", "reference_id": "USN-3712-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3712-1/" }, { "reference_url": "https://usn.ubuntu.com/3712-2/", "reference_id": "USN-3712-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3712-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/928254?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.27-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.27-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928249?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gk2b-sstt-2fgh" }, { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928247?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uxj6-4181-rygt" }, { "vulnerability": "VCID-uxqz-nx2v-6yc5" }, { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928251?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/928250?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zmjn-418h-ebg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1063050?format=api", "purl": "pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-10087" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zetn-zwnv-u7gf" } ], "risk_score": "2.8", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie" }