{"url":"http://public2.vulnerablecode.io/api/packages/1049903?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.28-1%2Bdeb9u1","type":"deb","namespace":"debian","name":"libpng1.6","version":"1.6.28-1+deb9u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.39-2+deb12u5","latest_non_vulnerable_version":"1.6.58-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9619?format=json","vulnerability_id":"VCID-2xdm-ndp3-47f4","summary":"Improper Handling of Exceptional Conditions\nAn issue has been found in libpng It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.","references":[{"reference_url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14048","reference_id":"","reference_type":"","scores":[{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74473","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74519","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74631","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74657","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74625","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74645","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74476","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.7451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74525","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74547","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74557","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74564","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74592","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74598","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74599","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74602","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00839","scoring_system":"epss","scoring_elements":"0.74869","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/fouzhe/security/tree/master/libpng","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fouzhe/security/tree/master/libpng"},{"reference_url":"https://github.com/glennrp/libpng/issues/238","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/glennrp/libpng/issues/238"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/30","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/30"},{"reference_url":"https://security.gentoo.org/glsa/201908-02","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-02"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608073","reference_id":"1608073","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608073"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14048","reference_id":"CVE-2018-14048","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14048"},{"reference_url":"https://usn.ubuntu.com/5432-1/","reference_id":"USN-5432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5432-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5432-2/","reference_id":"USN-USN-5432-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5432-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026081?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7923-9g38-jqc3"},{"vulnerability":"VCID-7qam-er5a-gbas"},{"vulnerability":"VCID-dm7h-c7wt-1kbs"},{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-j7dk-wzkm-tfcr"},{"vulnerability":"VCID-kwag-k17x-kyaj"},{"vulnerability":"VCID-n4kj-urjq-2uav"},{"vulnerability":"VCID-p6b5-1ba6-b3f8"},{"vulnerability":"VCID-ptgq-884e-mkft"},{"vulnerability":"VCID-rm7f-ybuf-dyfq"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-xyhj-84d1-dqh3"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3"}],"aliases":["CVE-2018-14048"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xdm-ndp3-47f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10855?format=json","vulnerability_id":"VCID-663w-wmsg-zkc5","summary":"Out-of-bounds Write\nAn issue has been found in third-party PNM decoding associated with libpng It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14550","reference_id":"","reference_type":"","scores":[{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.8267","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.8265","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82628","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82602","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82726","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82669","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82684","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82676","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82623","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82639","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82732","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82729","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82728","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.8269","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82695","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.827","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82654","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.8265","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token"},{"reference_url":"https://github.com/glennrp/libpng","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/glennrp/libpng"},{"reference_url":"https://github.com/glennrp/libpng/issues/246","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/glennrp/libpng/issues/246"},{"reference_url":"https://security.gentoo.org/glsa/201908-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201908-02"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221028-0001","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221028-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221028-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221028-0001/"},{"reference_url":"https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608800","reference_id":"1608800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608800"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14550","reference_id":"CVE-2018-14550","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14550"},{"reference_url":"https://github.com/advisories/GHSA-qwwr-qc2p-6283","reference_id":"GHSA-qwwr-qc2p-6283","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwwr-qc2p-6283"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026081?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7923-9g38-jqc3"},{"vulnerability":"VCID-7qam-er5a-gbas"},{"vulnerability":"VCID-dm7h-c7wt-1kbs"},{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-j7dk-wzkm-tfcr"},{"vulnerability":"VCID-kwag-k17x-kyaj"},{"vulnerability":"VCID-n4kj-urjq-2uav"},{"vulnerability":"VCID-p6b5-1ba6-b3f8"},{"vulnerability":"VCID-ptgq-884e-mkft"},{"vulnerability":"VCID-rm7f-ybuf-dyfq"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-xyhj-84d1-dqh3"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3"}],"aliases":["CVE-2018-14550","GHSA-qwwr-qc2p-6283"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-663w-wmsg-zkc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42454?format=json","vulnerability_id":"VCID-7923-9g38-jqc3","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65018","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15207","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15263","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15265","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20275","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2004","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20114","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20198","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20163","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20186","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26497","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26351","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26541","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2639","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26441","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26449","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26344","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216","reference_id":"1121216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216"},{"reference_url":"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d","reference_id":"16b5e3823918840aae65c0a6da57c78a5a496a4d","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"},{"reference_url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_id":"218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416907","reference_id":"2416907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416907"},{"reference_url":"https://github.com/pnggroup/libpng/issues/755","reference_id":"755","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/issues/755"},{"reference_url":"https://github.com/pnggroup/libpng/pull/757","reference_id":"757","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/pull/757"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g","reference_id":"GHSA-7wv6-48j4-hj3g","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2025-65018"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7923-9g38-jqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65169?format=json","vulnerability_id":"VCID-7qam-er5a-gbas","summary":"libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22801","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04625","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04907","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04951","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04956","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04953","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04642","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04688","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.047","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04674","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04658","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04633","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04773","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04807","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04845","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04858","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06725","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444","reference_id":"1125444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428824","reference_id":"2428824","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428824"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8","reference_id":"GHSA-vgjq-8cw5-ggw8","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2026-22801"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qam-er5a-gbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10852?format=json","vulnerability_id":"VCID-8g2j-rqsk-zqfh","summary":"Improper Input Validation\nlibpng does not properly check the length of chunks against the user limit.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12652","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67109","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67023","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67046","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.6982","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69873","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69843","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69799","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69825","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.7002","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70011","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70059","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70075","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70098","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.7007","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70113","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70122","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70102","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70008","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/109269","reference_id":"109269","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"http://www.securityfocus.com/bid/109269"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733956","reference_id":"1733956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733956"},{"reference_url":"https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55","reference_id":"347538efbdc21b8df684ebd92d37400b3ce85d55","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55"},{"reference_url":"https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","reference_id":"ANNOUNCE","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12652","reference_id":"CVE-2017-12652","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12652"},{"reference_url":"https://support.f5.com/csp/article/K88124225","reference_id":"K88124225","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://support.f5.com/csp/article/K88124225"},{"reference_url":"https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS","reference_id":"K88124225?utm_source=f5support&utm_medium=RSS","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0003/","reference_id":"ntap-20220506-0003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220506-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3901","reference_id":"RHSA-2020:3901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3901"},{"reference_url":"https://usn.ubuntu.com/5432-1/","reference_id":"USN-5432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5432-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5432-2/","reference_id":"USN-USN-5432-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5432-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049904?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.36-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xdm-ndp3-47f4"},{"vulnerability":"VCID-663w-wmsg-zkc5"},{"vulnerability":"VCID-7923-9g38-jqc3"},{"vulnerability":"VCID-7qam-er5a-gbas"},{"vulnerability":"VCID-dm7h-c7wt-1kbs"},{"vulnerability":"VCID-j7dk-wzkm-tfcr"},{"vulnerability":"VCID-kwag-k17x-kyaj"},{"vulnerability":"VCID-n4kj-urjq-2uav"},{"vulnerability":"VCID-p6b5-1ba6-b3f8"},{"vulnerability":"VCID-ptgq-884e-mkft"},{"vulnerability":"VCID-rm7f-ybuf-dyfq"},{"vulnerability":"VCID-xyhj-84d1-dqh3"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-6"}],"aliases":["CVE-2017-12652"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g2j-rqsk-zqfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63979?format=json","vulnerability_id":"VCID-dm7h-c7wt-1kbs","summary":"libpng: libpng: Arbitrary code execution due to use-after-free vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33416","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10934","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10979","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11022","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11977","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12063","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12943","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13064","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12864","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12954","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12919","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12874","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12775","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15898","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.16975","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17098","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1701","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.169","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17006","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012","reference_id":"1132012","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012"},{"reference_url":"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb","reference_id":"23019269764e35ed8458e517f1897bd3c54820eb","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805","reference_id":"2451805","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805"},{"reference_url":"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667","reference_id":"7ea9eea884a2328cc7fdcb3c0c00246a50d90667","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"},{"reference_url":"https://github.com/pnggroup/libpng/pull/824","reference_id":"824","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/pull/824"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25","reference_id":"a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"},{"reference_url":"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1","reference_id":"c1b0318b393c90679e6fa5bc1d329fd5d5012ec1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j","reference_id":"GHSA-m4pc-p4q3-4c7j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13922","reference_id":"RHSA-2026:13922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13977","reference_id":"RHSA-2026:13977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14223","reference_id":"RHSA-2026:14223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14303","reference_id":"RHSA-2026:14303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15889","reference_id":"RHSA-2026:15889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://usn.ubuntu.com/8251-1/","reference_id":"USN-8251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8251-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2026-33416"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10277?format=json","vulnerability_id":"VCID-fx8t-41tv-hkdu","summary":"Use After Free\npng_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"},{"reference_url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7317","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68619","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68504","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.6851","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68516","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68536","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68573","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68539","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68564","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.6836","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68381","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.684","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68427","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68444","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.6847","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68458","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68464","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68477","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7317"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/glennrp/libpng/issues/275","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/glennrp/libpng/issues/275"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/30","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/30"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/36","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/36"},{"reference_url":"https://seclists.org/bugtraq/2019/May/56","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/56"},{"reference_url":"https://seclists.org/bugtraq/2019/May/59","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/59"},{"reference_url":"https://seclists.org/bugtraq/2019/May/67","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/67"},{"reference_url":"https://security.gentoo.org/glsa/201908-02","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-02"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190719-0005/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4435","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4435"},{"reference_url":"https://www.debian.org/security/2019/dsa-4448","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4448"},{"reference_url":"https://www.debian.org/security/2019/dsa-4451","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4451"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.securityfocus.com/bid/108098","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672409","reference_id":"1672409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672409"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355","reference_id":"921355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355"},{"reference_url":"https://security.archlinux.org/ASA-201904-10","reference_id":"ASA-201904-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-10"},{"reference_url":"https://security.archlinux.org/ASA-201905-8","reference_id":"ASA-201905-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-8"},{"reference_url":"https://security.archlinux.org/ASA-201905-9","reference_id":"ASA-201905-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-9"},{"reference_url":"https://security.archlinux.org/AVG-868","reference_id":"AVG-868","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-868"},{"reference_url":"https://security.archlinux.org/AVG-965","reference_id":"AVG-965","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-965"},{"reference_url":"https://security.archlinux.org/AVG-966","reference_id":"AVG-966","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-966"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*","reference_id":"cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7317","reference_id":"CVE-2019-7317","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7317"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13","reference_id":"mfsa2019-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14","reference_id":"mfsa2019-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15","reference_id":"mfsa2019-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1265","reference_id":"RHSA-2019:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1267","reference_id":"RHSA-2019:1267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1269","reference_id":"RHSA-2019:1269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1308","reference_id":"RHSA-2019:1308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1309","reference_id":"RHSA-2019:1309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1310","reference_id":"RHSA-2019:1310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2494","reference_id":"RHSA-2019:2494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2495","reference_id":"RHSA-2019:2495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2585","reference_id":"RHSA-2019:2585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2590","reference_id":"RHSA-2019:2590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2592","reference_id":"RHSA-2019:2592","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2737","reference_id":"RHSA-2019:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2737"},{"reference_url":"https://usn.ubuntu.com/3962-1/","reference_id":"USN-3962-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3962-1/"},{"reference_url":"https://usn.ubuntu.com/3991-1/","reference_id":"USN-3991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3991-1/"},{"reference_url":"https://usn.ubuntu.com/3997-1/","reference_id":"USN-3997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3997-1/"},{"reference_url":"https://usn.ubuntu.com/4080-1/","reference_id":"USN-4080-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4080-1/"},{"reference_url":"https://usn.ubuntu.com/4083-1/","reference_id":"USN-4083-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4083-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049904?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.36-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xdm-ndp3-47f4"},{"vulnerability":"VCID-663w-wmsg-zkc5"},{"vulnerability":"VCID-7923-9g38-jqc3"},{"vulnerability":"VCID-7qam-er5a-gbas"},{"vulnerability":"VCID-dm7h-c7wt-1kbs"},{"vulnerability":"VCID-j7dk-wzkm-tfcr"},{"vulnerability":"VCID-kwag-k17x-kyaj"},{"vulnerability":"VCID-n4kj-urjq-2uav"},{"vulnerability":"VCID-p6b5-1ba6-b3f8"},{"vulnerability":"VCID-ptgq-884e-mkft"},{"vulnerability":"VCID-rm7f-ybuf-dyfq"},{"vulnerability":"VCID-xyhj-84d1-dqh3"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-6"}],"aliases":["CVE-2019-7317"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fx8t-41tv-hkdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66390?format=json","vulnerability_id":"VCID-j7dk-wzkm-tfcr","summary":"libpng: LIBPNG out-of-bounds read in png_image_read_composite","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66293","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25071","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25012","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24948","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24998","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.25018","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30418","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30416","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30374","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30342","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30324","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30279","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30216","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30101","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30023","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30511","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30323","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33248","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877","reference_id":"1121877","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711","reference_id":"2418711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711"},{"reference_url":"https://github.com/pnggroup/libpng/issues/764","reference_id":"764","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/issues/764"},{"reference_url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1","reference_id":"788a624d7387a758ffd5c7ab010f1870dea753a1","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_id":"a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f","reference_id":"GHSA-9mpm-9pxh-mg4f","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2072","reference_id":"RHSA-2026:2072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2633","reference_id":"RHSA-2026:2633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2659","reference_id":"RHSA-2026:2659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2671","reference_id":"RHSA-2026:2671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2974","reference_id":"RHSA-2026:2974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3415","reference_id":"RHSA-2026:3415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3861","reference_id":"RHSA-2026:3861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4419","reference_id":"RHSA-2026:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2025-66293"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7dk-wzkm-tfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42451?format=json","vulnerability_id":"VCID-kwag-k17x-kyaj","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64505","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01548","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01698","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02512","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02433","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02447","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02487","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02483","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02488","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07304","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07276","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07223","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219","reference_id":"1121219","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416905","reference_id":"2416905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416905"},{"reference_url":"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37","reference_id":"6a528eb5fd0dd7f6de1c39d30de0e41473431c37","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37"},{"reference_url":"https://github.com/pnggroup/libpng/pull/748","reference_id":"748","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/pull/748"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42","reference_id":"GHSA-4952-h5wq-4m42","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"},{"reference_url":"https://usn.ubuntu.com/8081-1/","reference_id":"USN-8081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8081-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2025-64505"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwag-k17x-kyaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42453?format=json","vulnerability_id":"VCID-n4kj-urjq-2uav","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64720","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16669","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23382","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23163","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23248","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23321","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23285","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23301","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27924","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27824","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27831","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28025","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643","reference_id":"08da33b4c88cfcd36e5a706558a8d7e0e4773643","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217","reference_id":"1121217","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416904","reference_id":"2416904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416904"},{"reference_url":"https://github.com/pnggroup/libpng/issues/686","reference_id":"686","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/issues/686"},{"reference_url":"https://github.com/pnggroup/libpng/pull/751","reference_id":"751","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/pull/751"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww","reference_id":"GHSA-hfc7-ph9c-wcww","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0251","reference_id":"RHSA-2026:0251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0251"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2025-64720"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kj-urjq-2uav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42452?format=json","vulnerability_id":"VCID-p6b5-1ba6-b3f8","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64506","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.044","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04364","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04344","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04685","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05879","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05715","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05791","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05858","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05871","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05874","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07304","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07276","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07223","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218","reference_id":"1121218","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416906","reference_id":"2416906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416906"},{"reference_url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821","reference_id":"2bd84c019c300b78e811743fbcddb67c9d9bf821","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"},{"reference_url":"https://github.com/pnggroup/libpng/pull/749","reference_id":"749","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/pull/749"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6","reference_id":"GHSA-qpr4-xm66-hww6","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2025-64506"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6b5-1ba6-b3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63978?format=json","vulnerability_id":"VCID-ptgq-884e-mkft","summary":"libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33636","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0954","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09521","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09508","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09569","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15197","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15193","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16596","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16667","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16704","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16789","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16701","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16608","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16475","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013","reference_id":"1132013","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451819","reference_id":"2451819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451819"},{"reference_url":"https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869","reference_id":"7734cda20cf1236aef60f3bbd2267c97bbb40869","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"},{"reference_url":"https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3","reference_id":"aba9f18eba870d14fb52c5ba5d73451349e339c3","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2","reference_id":"GHSA-wjr5-c57x-95m2","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13922","reference_id":"RHSA-2026:13922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13977","reference_id":"RHSA-2026:13977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14223","reference_id":"RHSA-2026:14223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14303","reference_id":"RHSA-2026:14303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14790","reference_id":"RHSA-2026:14790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14791","reference_id":"RHSA-2026:14791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15889","reference_id":"RHSA-2026:15889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17524","reference_id":"RHSA-2026:17524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://usn.ubuntu.com/8251-1/","reference_id":"USN-8251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8251-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2026-33636"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9572?format=json","vulnerability_id":"VCID-q3qv-kycc-eqfw","summary":"Divide By Zero\nIn libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13785","reference_id":"","reference_type":"","scores":[{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.8639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86374","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86384","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86397","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86396","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86407","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86412","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86405","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86526","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86527","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86508","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86498","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03068","scoring_system":"epss","scoring_elements":"0.8688","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.88025","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.8804","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.88055","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.88053","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.88066","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.88014","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181018-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181018-0001/"},{"reference_url":"https://sourceforge.net/p/libpng/bugs/278/","reference_id":"","reference_type":"","scores":[],"url":"https://sourceforge.net/p/libpng/bugs/278/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/105599","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105599"},{"reference_url":"http://www.securitytracker.com/id/1041889","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041889"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599943","reference_id":"1599943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599943"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430","reference_id":"903430","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13785","reference_id":"CVE-2018-13785","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13785"},{"reference_url":"https://security.gentoo.org/glsa/201908-10","reference_id":"GLSA-201908-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3000","reference_id":"RHSA-2018:3000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3001","reference_id":"RHSA-2018:3001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3002","reference_id":"RHSA-2018:3002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3003","reference_id":"RHSA-2018:3003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3007","reference_id":"RHSA-2018:3007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3008","reference_id":"RHSA-2018:3008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3533","reference_id":"RHSA-2018:3533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3534","reference_id":"RHSA-2018:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3671","reference_id":"RHSA-2018:3671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3672","reference_id":"RHSA-2018:3672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3779","reference_id":"RHSA-2018:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3852","reference_id":"RHSA-2018:3852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3852"},{"reference_url":"https://usn.ubuntu.com/3712-1/","reference_id":"USN-3712-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3712-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1049904?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.36-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xdm-ndp3-47f4"},{"vulnerability":"VCID-663w-wmsg-zkc5"},{"vulnerability":"VCID-7923-9g38-jqc3"},{"vulnerability":"VCID-7qam-er5a-gbas"},{"vulnerability":"VCID-dm7h-c7wt-1kbs"},{"vulnerability":"VCID-j7dk-wzkm-tfcr"},{"vulnerability":"VCID-kwag-k17x-kyaj"},{"vulnerability":"VCID-n4kj-urjq-2uav"},{"vulnerability":"VCID-p6b5-1ba6-b3f8"},{"vulnerability":"VCID-ptgq-884e-mkft"},{"vulnerability":"VCID-rm7f-ybuf-dyfq"},{"vulnerability":"VCID-xyhj-84d1-dqh3"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-6"}],"aliases":["CVE-2018-13785"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3qv-kycc-eqfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65170?format=json","vulnerability_id":"VCID-rm7f-ybuf-dyfq","summary":"libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22695","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08627","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08535","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08689","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08702","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08655","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08657","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08594","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08736","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08824","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08788","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08816","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08597","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08673","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13266","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443","reference_id":"1125443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443"},{"reference_url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_id":"218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428825","reference_id":"2428825","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428825"},{"reference_url":"https://github.com/pnggroup/libpng/issues/778","reference_id":"778","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/issues/778"},{"reference_url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2","reference_id":"e4f7ad4ea2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp","reference_id":"GHSA-mmq5-27w3-rxpp","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2026-22695"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7f-ybuf-dyfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64639?format=json","vulnerability_id":"VCID-xyhj-84d1-dqh3","summary":"libpng: LIBPNG has a heap buffer overflow in png_set_quantize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25646","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23085","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23042","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23035","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23599","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23558","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23625","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23576","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23595","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23684","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2376","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23645","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23475","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26176","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26135","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_id":"01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566","reference_id":"1127566","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542","reference_id":"2438542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3","reference_id":"GHSA-g8hp-mq4h-rqm3","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14773","reference_id":"RHSA-2026:14773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15087","reference_id":"RHSA-2026:15087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3031","reference_id":"RHSA-2026:3031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3968","reference_id":"RHSA-2026:3968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3969","reference_id":"RHSA-2026:3969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4221","reference_id":"RHSA-2026:4221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4222","reference_id":"RHSA-2026:4222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4756","reference_id":"RHSA-2026:4756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6439","reference_id":"RHSA-2026:6439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6445","reference_id":"RHSA-2026:6445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6466","reference_id":"RHSA-2026:6466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6467","reference_id":"RHSA-2026:6467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6468","reference_id":"RHSA-2026:6468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6469","reference_id":"RHSA-2026:6469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6553","reference_id":"RHSA-2026:6553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7032","reference_id":"RHSA-2026:7032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7033","reference_id":"RHSA-2026:7033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7034","reference_id":"RHSA-2026:7034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7035","reference_id":"RHSA-2026:7035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7036","reference_id":"RHSA-2026:7036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7239","reference_id":"RHSA-2026:7239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7243","reference_id":"RHSA-2026:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"},{"reference_url":"https://usn.ubuntu.com/8039-1/","reference_id":"USN-8039-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8039-1/"},{"reference_url":"https://usn.ubuntu.com/8081-1/","reference_id":"USN-8081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8081-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"}],"aliases":["CVE-2026-25646"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyhj-84d1-dqh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351001?format=json","vulnerability_id":"VCID-zmjn-418h-ebg8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34757","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01718","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01717","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01728","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0363","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03675","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03629","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03618","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03491","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0348","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03716","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03651","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04462","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04529","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04531","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051","reference_id":"1133051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456918","reference_id":"2456918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456918"},{"reference_url":"https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a","reference_id":"398cbe3df03f4e11bb031e07f416dfdde3684e8a","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a"},{"reference_url":"https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc","reference_id":"55d20aaa322c9274491cda82c5cd4f99b48c6bcc","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc"},{"reference_url":"https://github.com/pnggroup/libpng/issues/836","reference_id":"836","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/issues/836"},{"reference_url":"https://github.com/pnggroup/libpng/issues/837","reference_id":"837","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/issues/837"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645","reference_id":"GHSA-6fr7-g8h7-v645","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13719","reference_id":"RHSA-2026:13719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13719"},{"reference_url":"https://usn.ubuntu.com/8251-1/","reference_id":"USN-8251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8251-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1026082?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1054624?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1109289?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1066751?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1109314?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1066753?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1072946?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1"}],"aliases":["CVE-2026-34757"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmjn-418h-ebg8"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.28-1%252Bdeb9u1"}