Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sn99-6y6w-ybc6

Summary

Pngcrush is vulnerable to a buffer overflow which could potentially lead to
    the execution of arbitrary code.

Aliases

alias	CVE-2005-1849

Fixed_packages

url	pkg:deb/debian/sash@3.7-5sarge1?distro=trixie
purl	pkg:deb/debian/sash@3.7-5sarge1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/sash@3.7-5sarge1%3Fdistro=trixie

url pkg:deb/debian/sash@3.7-5sarge1

purl pkg:deb/debian/sash@3.7-5sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sash@3.7-5sarge1

url	pkg:deb/debian/sash@3.8-5?distro=trixie
purl	pkg:deb/debian/sash@3.8-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/sash@3.8-5%3Fdistro=trixie

url	pkg:deb/debian/sash@3.8-7?distro=trixie
purl	pkg:deb/debian/sash@3.8-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/sash@3.8-7%3Fdistro=trixie

url	pkg:deb/debian/zlib@1:1.2.3-1?distro=trixie
purl	pkg:deb/debian/zlib@1:1.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.2.3-1%3Fdistro=trixie

url pkg:deb/debian/zlib@1:1.2.3-13

purl pkg:deb/debian/zlib@1:1.2.3-13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3aq8-fkrc-hqa2

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-xd6j-x83x-r3gn

vulnerability	VCID-ys8b-uuv1-pkfm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.2.3-13

url pkg:deb/debian/zlib@1:1.2.11.dfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/zlib@1:1.2.11.dfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ac5e-emja-v3fe

vulnerability	VCID-v6pc-48dg-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.2.11.dfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/zlib@1:1.2.13.dfsg-1?distro=trixie

purl pkg:deb/debian/zlib@1:1.2.13.dfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ac5e-emja-v3fe

vulnerability	VCID-v6pc-48dg-4kad

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.2.13.dfsg-1%3Fdistro=trixie

url pkg:deb/debian/zlib@1:1.3.dfsg%2Breally1.3.1-1?distro=trixie

purl pkg:deb/debian/zlib@1:1.3.dfsg%2Breally1.3.1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ac5e-emja-v3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.3.dfsg%252Breally1.3.1-1%3Fdistro=trixie

url pkg:deb/debian/zlib@1:1.3.dfsg%2Breally1.3.1-3?distro=trixie

purl pkg:deb/debian/zlib@1:1.3.dfsg%2Breally1.3.1-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ac5e-emja-v3fe

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.3.dfsg%252Breally1.3.1-3%3Fdistro=trixie

url	pkg:deb/debian/zlib@1:1.3.dfsg%2Breally1.3.2-3?distro=trixie
purl	pkg:deb/debian/zlib@1:1.3.dfsg%2Breally1.3.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.3.dfsg%252Breally1.3.2-3%3Fdistro=trixie

url	pkg:deb/debian/zsync@0.4.1-1?distro=trixie
purl	pkg:deb/debian/zsync@0.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsync@0.4.1-1%3Fdistro=trixie

url	pkg:deb/debian/zsync@0.5-1
purl	pkg:deb/debian/zsync@0.5-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsync@0.5-1

url	pkg:deb/debian/zsync@0.6.2-3?distro=trixie
purl	pkg:deb/debian/zsync@0.6.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsync@0.6.2-3%3Fdistro=trixie

url	pkg:deb/debian/zsync@0.6.2-5?distro=trixie
purl	pkg:deb/debian/zsync@0.6.2-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsync@0.6.2-5%3Fdistro=trixie

url	pkg:deb/debian/zsync@0.6.2-8?distro=trixie
purl	pkg:deb/debian/zsync@0.6.2-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsync@0.6.2-8%3Fdistro=trixie

url	pkg:deb/debian/zsync@0.6.2-9?distro=trixie
purl	pkg:deb/debian/zsync@0.6.2-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsync@0.6.2-9%3Fdistro=trixie

url	pkg:ebuild/media-gfx/pngcrush@1.6.2
purl	pkg:ebuild/media-gfx/pngcrush@1.6.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-gfx/pngcrush@1.6.2

Affected_packages

url pkg:deb/debian/sash@2.1-3

purl pkg:deb/debian/sash@2.1-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-sn99-6y6w-ybc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sash@2.1-3

url pkg:deb/debian/sash@2.1-5

purl pkg:deb/debian/sash@2.1-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-sn99-6y6w-ybc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sash@2.1-5

url pkg:deb/debian/sash@3.4-6

purl pkg:deb/debian/sash@3.4-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-sn99-6y6w-ybc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sash@3.4-6

url pkg:deb/debian/sash@3.4-8.2

purl pkg:deb/debian/sash@3.4-8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-sn99-6y6w-ybc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/sash@3.4-8.2

url pkg:deb/debian/zlib@1:1.1.1-0.1

purl pkg:deb/debian/zlib@1:1.1.1-0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-3aq8-fkrc-hqa2

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-s8dx-tft2-nfg6

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-sn99-6y6w-ybc6

vulnerability	VCID-xd6j-x83x-r3gn

vulnerability	VCID-y9kk-6zyw-6qfn

vulnerability	VCID-ys8b-uuv1-pkfm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.1.1-0.1

url pkg:deb/debian/zlib@1:1.1.3-5

purl pkg:deb/debian/zlib@1:1.1.3-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-3aq8-fkrc-hqa2

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-s8dx-tft2-nfg6

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-sn99-6y6w-ybc6

vulnerability	VCID-xd6j-x83x-r3gn

vulnerability	VCID-y9kk-6zyw-6qfn

vulnerability	VCID-ys8b-uuv1-pkfm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.1.3-5

url pkg:deb/debian/zlib@1:1.1.4-1.0woody0

purl pkg:deb/debian/zlib@1:1.1.4-1.0woody0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-3aq8-fkrc-hqa2

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-s8dx-tft2-nfg6

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-sn99-6y6w-ybc6

vulnerability	VCID-xd6j-x83x-r3gn

vulnerability	VCID-y9kk-6zyw-6qfn

vulnerability	VCID-ys8b-uuv1-pkfm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.1.4-1.0woody0

url pkg:deb/debian/zlib@1:1.2.2-4.sarge.2

purl pkg:deb/debian/zlib@1:1.2.2-4.sarge.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-3aq8-fkrc-hqa2

vulnerability	VCID-eyjp-7kks-jbfr

vulnerability	VCID-m6xx-a91r-sbhu

vulnerability	VCID-mr6h-6jrp-gyf3

vulnerability	VCID-smft-ms93-6kf1

vulnerability	VCID-sn99-6y6w-ybc6

vulnerability	VCID-xd6j-x83x-r3gn

vulnerability	VCID-ys8b-uuv1-pkfm

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zlib@1:1.2.2-4.sarge.2

url pkg:deb/debian/zsync@0.3.3-1.sarge.1

purl pkg:deb/debian/zsync@0.3.3-1.sarge.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vu9-xzw9-kfe2

vulnerability	VCID-sn99-6y6w-ybc6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zsync@0.3.3-1.sarge.1

url pkg:rpm/redhat/zlib@1.2.1.2-1?arch=2

purl pkg:rpm/redhat/zlib@1.2.1.2-1?arch=2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sn99-6y6w-ybc6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/zlib@1.2.1.2-1%3Farch=2

References

reference_url	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
reference_id
reference_type
scores
url	ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt

reference_url	http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1849.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-1849.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-1849

reference_id

reference_type

scores

value	0.07988
scoring_system	epss
scoring_elements	0.92095
published_at	2026-04-18T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.92053
published_at	2026-04-01T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.92059
published_at	2026-04-02T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.92067
published_at	2026-04-04T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.92071
published_at	2026-04-07T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.92083
published_at	2026-04-08T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.92087
published_at	2026-04-09T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.9209
published_at	2026-04-12T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.92086
published_at	2026-04-13T12:55:00Z

value	0.07988
scoring_system	epss
scoring_elements	0.92097
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-1849

reference_url	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849

reference_url	http://secunia.com/advisories/16137
reference_id
reference_type
scores
url	http://secunia.com/advisories/16137

reference_url	http://secunia.com/advisories/17326
reference_id
reference_type
scores
url	http://secunia.com/advisories/17326

reference_url	http://secunia.com/advisories/17516
reference_id
reference_type
scores
url	http://secunia.com/advisories/17516

reference_url	http://secunia.com/advisories/18377
reference_id
reference_type
scores
url	http://secunia.com/advisories/18377

reference_url	http://secunia.com/advisories/19334
reference_id
reference_type
scores
url	http://secunia.com/advisories/19334

reference_url	http://secunia.com/advisories/19550
reference_id
reference_type
scores
url	http://secunia.com/advisories/19550

reference_url	http://secunia.com/advisories/19597
reference_id
reference_type
scores
url	http://secunia.com/advisories/19597

reference_url	http://secunia.com/advisories/24788
reference_id
reference_type
scores
url	http://secunia.com/advisories/24788

reference_url	http://secunia.com/advisories/31492
reference_id
reference_type
scores
url	http://secunia.com/advisories/31492

reference_url	http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
reference_id
reference_type
scores
url	http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz

reference_url	http://securitytracker.com/id?1014540
reference_id
reference_type
scores
url	http://securitytracker.com/id?1014540

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/21456
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/21456

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402

reference_url	http://www.debian.org/security/2005/dsa-763
reference_id
reference_type
scores
url	http://www.debian.org/security/2005/dsa-763

reference_url	http://www.debian.org/security/2005/dsa-797
reference_id
reference_type
scores
url	http://www.debian.org/security/2005/dsa-797

reference_url	http://www.debian.org/security/2006/dsa-1026
reference_id
reference_type
scores
url	http://www.debian.org/security/2006/dsa-1026

reference_url	http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
reference_id
reference_type
scores
url	http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml

reference_url	http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
reference_id
reference_type
scores
url	http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml

reference_url	http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDKSA-2005:196

reference_url	http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDKSA-2006:070

reference_url	http://www.novell.com/linux/security/advisories/2005_43_zlib.html
reference_id
reference_type
scores
url	http://www.novell.com/linux/security/advisories/2005_43_zlib.html

reference_url	http://www.osvdb.org/18141
reference_id
reference_type
scores
url	http://www.osvdb.org/18141

reference_url	http://www.redhat.com/support/errata/RHSA-2005-584.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2005-584.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0629.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0629.html

reference_url	http://www.securityfocus.com/archive/1/464745/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/464745/100/0/threaded

reference_url	http://www.securityfocus.com/bid/14340
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/14340

reference_url	http://www.ubuntulinux.org/usn/usn-151-3
reference_id
reference_type
scores
url	http://www.ubuntulinux.org/usn/usn-151-3

reference_url	http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
reference_id
reference_type
scores
url	http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html

reference_url	http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
reference_id
reference_type
scores
url	http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html

reference_url	http://www.vupen.com/english/advisories/2007/1267
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2007/1267

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=430649
reference_id	430649
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=430649

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zlib:zlib:1.2.2:::::::*
reference_id	cpe:2.3:a:zlib:zlib:1.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zlib:zlib:1.2.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2005-1849

reference_id

CVE-2005-1849

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2005-1849

reference_url	https://security.gentoo.org/glsa/200603-18
reference_id	GLSA-200603-18
reference_type
scores
url	https://security.gentoo.org/glsa/200603-18

reference_url	https://access.redhat.com/errata/RHSA-2005:584
reference_id	RHSA-2005:584
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:584

reference_url	https://access.redhat.com/errata/RHSA-2008:0264
reference_id	RHSA-2008:0264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0264

reference_url	https://access.redhat.com/errata/RHSA-2008:0525
reference_id	RHSA-2008:0525
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0525

reference_url	https://access.redhat.com/errata/RHSA-2008:0629
reference_id	RHSA-2008:0629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0629

reference_url	https://usn.ubuntu.com/151-1/
reference_id	USN-151-1
reference_type
scores
url	https://usn.ubuntu.com/151-1/

reference_url	https://usn.ubuntu.com/151-2/
reference_id	USN-151-2
reference_type
scores
url	https://usn.ubuntu.com/151-2/

reference_url	https://usn.ubuntu.com/151-3/
reference_id	USN-151-3
reference_type
scores
url	https://usn.ubuntu.com/151-3/

reference_url	https://usn.ubuntu.com/151-4/
reference_id	USN-151-4
reference_type
scores
url	https://usn.ubuntu.com/151-4/

Weaknesses

Exploits

Severity_range_score 5.0 - 5.0

Exploitability 0.5

Weighted_severity 4.5

Risk_score 2.2

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sn99-6y6w-ybc6

Vulnerability Instance