{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","type":"deb","namespace":"debian","name":"libpng1.6","version":"1.6.58-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7242?format=json","vulnerability_id":"VCID-26ny-2nf5-33d9","summary":"libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33636","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14165","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013","reference_id":"1132013","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451819","reference_id":"2451819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451819"},{"reference_url":"https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869","reference_id":"7734cda20cf1236aef60f3bbd2267c97bbb40869","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"},{"reference_url":"https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3","reference_id":"aba9f18eba870d14fb52c5ba5d73451349e339c3","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2","reference_id":"GHSA-wjr5-c57x-95m2","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13922","reference_id":"RHSA-2026:13922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13977","reference_id":"RHSA-2026:13977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14223","reference_id":"RHSA-2026:14223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14303","reference_id":"RHSA-2026:14303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14790","reference_id":"RHSA-2026:14790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14791","reference_id":"RHSA-2026:14791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15889","reference_id":"RHSA-2026:15889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17524","reference_id":"RHSA-2026:17524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17567","reference_id":"RHSA-2026:17567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17603","reference_id":"RHSA-2026:17603","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17603"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17642","reference_id":"RHSA-2026:17642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17685","reference_id":"RHSA-2026:17685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17685"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://usn.ubuntu.com/8251-1/","reference_id":"USN-8251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8251-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350307?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350306?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350309?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350308?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33636"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-26ny-2nf5-33d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64153?format=json","vulnerability_id":"VCID-3846-k31e-qqht","summary":"libpng: NULL pointer dereference in png_set_text_2()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10087","reference_id":"","reference_type":"","scores":[{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76367","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409617","reference_id":"1409617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409617"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799","reference_id":"849799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799"},{"reference_url":"https://security.archlinux.org/ASA-201701-2","reference_id":"ASA-201701-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-2"},{"reference_url":"https://security.archlinux.org/ASA-201701-5","reference_id":"ASA-201701-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-5"},{"reference_url":"https://security.archlinux.org/AVG-119","reference_id":"AVG-119","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-119"},{"reference_url":"https://security.archlinux.org/AVG-120","reference_id":"AVG-120","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-120"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10087","reference_id":"CVE-2016-10087","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10087"},{"reference_url":"https://security.gentoo.org/glsa/201701-74","reference_id":"GLSA-201701-74","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-74"},{"reference_url":"https://usn.ubuntu.com/3712-1/","reference_id":"USN-3712-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3712-1/"},{"reference_url":"https://usn.ubuntu.com/3712-2/","reference_id":"USN-3712-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3712-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350287?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.27-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.27-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10087"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3846-k31e-qqht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66482?format=json","vulnerability_id":"VCID-3j8e-v8aq-myct","summary":"libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8472","reference_id":"","reference_type":"","scores":[{"value":"0.04094","scoring_system":"epss","scoring_elements":"0.88765","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1281756","reference_id":"1281756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1281756"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112","reference_id":"807112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8472","reference_id":"CVE-2015-8472","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2594","reference_id":"RHSA-2015:2594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2595","reference_id":"RHSA-2015:2595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2596","reference_id":"RHSA-2015:2596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0055","reference_id":"RHSA-2016:0055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0056","reference_id":"RHSA-2016:0056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0057","reference_id":"RHSA-2016:0057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0098","reference_id":"RHSA-2016:0098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0099","reference_id":"RHSA-2016:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0100","reference_id":"RHSA-2016:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0101","reference_id":"RHSA-2016:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"reference_url":"https://usn.ubuntu.com/2861-1/","reference_id":"USN-2861-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2861-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350286?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8472"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3j8e-v8aq-myct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14499?format=json","vulnerability_id":"VCID-5m1f-m92p-8bay","summary":"libpng: LIBPNG out-of-bounds read in png_image_read_composite","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66293","reference_id":"","reference_type":"","scores":[{"value":"0.00137","scoring_system":"epss","scoring_elements":"0.33385","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877","reference_id":"1121877","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711","reference_id":"2418711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711"},{"reference_url":"https://github.com/pnggroup/libpng/issues/764","reference_id":"764","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/issues/764"},{"reference_url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1","reference_id":"788a624d7387a758ffd5c7ab010f1870dea753a1","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_id":"a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f","reference_id":"GHSA-9mpm-9pxh-mg4f","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2072","reference_id":"RHSA-2026:2072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2633","reference_id":"RHSA-2026:2633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2659","reference_id":"RHSA-2026:2659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2671","reference_id":"RHSA-2026:2671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2974","reference_id":"RHSA-2026:2974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3415","reference_id":"RHSA-2026:3415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3861","reference_id":"RHSA-2026:3861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4419","reference_id":"RHSA-2026:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350295?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350294?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350297?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350298?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.52-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.52-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66293"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5m1f-m92p-8bay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54090?format=json","vulnerability_id":"VCID-5n9b-crnu-j3hw","summary":"libpng: does not check length of chunks against user limit","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12652","reference_id":"","reference_type":"","scores":[{"value":"0.00626","scoring_system":"epss","scoring_elements":"0.70538","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/109269","reference_id":"109269","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"http://www.securityfocus.com/bid/109269"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733956","reference_id":"1733956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733956"},{"reference_url":"https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55","reference_id":"347538efbdc21b8df684ebd92d37400b3ce85d55","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55"},{"reference_url":"https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","reference_id":"ANNOUNCE","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12652","reference_id":"CVE-2017-12652","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12652"},{"reference_url":"https://support.f5.com/csp/article/K88124225","reference_id":"K88124225","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://support.f5.com/csp/article/K88124225"},{"reference_url":"https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS","reference_id":"K88124225?utm_source=f5support&utm_medium=RSS","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0003/","reference_id":"ntap-20220506-0003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220506-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3901","reference_id":"RHSA-2020:3901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3901"},{"reference_url":"https://usn.ubuntu.com/5432-1/","reference_id":"USN-5432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5432-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5432-2/","reference_id":"USN-USN-5432-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5432-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350288?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.32-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.32-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2017-12652"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5n9b-crnu-j3hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67264?format=json","vulnerability_id":"VCID-5qkr-qykw-vqgt","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40930"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350312?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-40930"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qkr-qykw-vqgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14838?format=json","vulnerability_id":"VCID-66u3-82zs-5bek","summary":"libpng: LIBPNG heap buffer over-read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64506","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.06098","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218","reference_id":"1121218","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416906","reference_id":"2416906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416906"},{"reference_url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821","reference_id":"2bd84c019c300b78e811743fbcddb67c9d9bf821","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"},{"reference_url":"https://github.com/pnggroup/libpng/pull/749","reference_id":"749","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/pull/749"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6","reference_id":"GHSA-qpr4-xm66-hww6","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350295?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350294?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350297?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350296?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64506"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-66u3-82zs-5bek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58857?format=json","vulnerability_id":"VCID-6ytz-41qe-nqek","summary":"libpng: Segmentation fault in png.c:png_free_data function causing denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14048","reference_id":"","reference_type":"","scores":[{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73348","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608073","reference_id":"1608073","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608073"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14048","reference_id":"CVE-2018-14048","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14048"},{"reference_url":"https://usn.ubuntu.com/5432-1/","reference_id":"USN-5432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5432-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5432-2/","reference_id":"USN-USN-5432-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5432-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350290?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14048"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ytz-41qe-nqek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68007?format=json","vulnerability_id":"VCID-9cut-5v1e-kfgf","summary":"libpng: Heap-buffer overflow png_combine_row() with very wide interlaced images","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0973.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0973.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0973","reference_id":"","reference_type":"","scores":[{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83974","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0973"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/10/1","reference_id":"1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1177327","reference_id":"1177327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1177327"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/10/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/3"},{"reference_url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/","reference_id":"33173461","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/"},{"reference_url":"http://secunia.com/advisories/62725","reference_id":"62725","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://secunia.com/advisories/62725"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823","reference_id":"773823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673","reference_id":"775673","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0973","reference_id":"CVE-2015-0973","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0973"},{"reference_url":"http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt","reference_id":"libpng_heap_overflow_1.6.15.txt","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240719-0005/","reference_id":"ntap-20240719-0005","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240719-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350285?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2015-0973"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9cut-5v1e-kfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14839?format=json","vulnerability_id":"VCID-9jye-h6m1-uqhf","summary":"libpng: LIBPNG heap buffer overflow via malformed palette index","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64505","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02572","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219","reference_id":"1121219","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416905","reference_id":"2416905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416905"},{"reference_url":"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37","reference_id":"6a528eb5fd0dd7f6de1c39d30de0e41473431c37","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37"},{"reference_url":"https://github.com/pnggroup/libpng/pull/748","reference_id":"748","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/pull/748"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42","reference_id":"GHSA-4952-h5wq-4m42","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"},{"reference_url":"https://usn.ubuntu.com/8081-1/","reference_id":"USN-8081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8081-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350295?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350294?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350297?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350296?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64505"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jye-h6m1-uqhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68978?format=json","vulnerability_id":"VCID-abkq-xugq-2qbg","summary":"libpng: denial of service via png_push_read_chunk()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0333","reference_id":"","reference_type":"","scores":[{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.7372","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1070985","reference_id":"1070985","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1070985"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0333","reference_id":"CVE-2014-0333","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0333"},{"reference_url":"https://security.gentoo.org/glsa/201408-06","reference_id":"GLSA-201408-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350281?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0333"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abkq-xugq-2qbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56447?format=json","vulnerability_id":"VCID-c578-7yh5-7bap","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13785","reference_id":"","reference_type":"","scores":[{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.88172","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599943","reference_id":"1599943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599943"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430","reference_id":"903430","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13785","reference_id":"CVE-2018-13785","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13785"},{"reference_url":"https://security.gentoo.org/glsa/201908-10","reference_id":"GLSA-201908-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3000","reference_id":"RHSA-2018:3000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3001","reference_id":"RHSA-2018:3001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3002","reference_id":"RHSA-2018:3002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3003","reference_id":"RHSA-2018:3003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3007","reference_id":"RHSA-2018:3007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3008","reference_id":"RHSA-2018:3008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3533","reference_id":"RHSA-2018:3533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3534","reference_id":"RHSA-2018:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3671","reference_id":"RHSA-2018:3671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3672","reference_id":"RHSA-2018:3672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3779","reference_id":"RHSA-2018:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3852","reference_id":"RHSA-2018:3852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3852"},{"reference_url":"https://usn.ubuntu.com/3712-1/","reference_id":"USN-3712-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3712-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350289?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.34-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.34-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2018-13785"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c578-7yh5-7bap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68010?format=json","vulnerability_id":"VCID-dqtm-dr5e-5ufq","summary":"libpng: buffer overflow in png_combine_row","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9495","reference_id":"","reference_type":"","scores":[{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87782","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/10/1","reference_id":"1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/1"},{"reference_url":"http://www.securitytracker.com/id/1031444","reference_id":"1031444","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.securitytracker.com/id/1031444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179186","reference_id":"1179186","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179186"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/04/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/04/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/10/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/3"},{"reference_url":"http://sourceforge.net/p/png-mng/mailman/message/33172831/","reference_id":"33172831","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://sourceforge.net/p/png-mng/mailman/message/33172831/"},{"reference_url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/","reference_id":"33173461","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/"},{"reference_url":"http://secunia.com/advisories/62725","reference_id":"62725","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://secunia.com/advisories/62725"},{"reference_url":"http://www.securityfocus.com/bid/71820","reference_id":"71820","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.securityfocus.com/bid/71820"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823","reference_id":"773823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824","reference_id":"773824","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9495","reference_id":"CVE-2014-9495","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9495"},{"reference_url":"https://security.gentoo.org/glsa/201502-10","reference_id":"GLSA-201502-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350285?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9495"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqtm-dr5e-5ufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6711?format=json","vulnerability_id":"VCID-fgjw-tfum-rfgc","summary":"libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34757","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00477","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051","reference_id":"1133051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456918","reference_id":"2456918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456918"},{"reference_url":"https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a","reference_id":"398cbe3df03f4e11bb031e07f416dfdde3684e8a","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a"},{"reference_url":"https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc","reference_id":"55d20aaa322c9274491cda82c5cd4f99b48c6bcc","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc"},{"reference_url":"https://github.com/pnggroup/libpng/issues/836","reference_id":"836","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/issues/836"},{"reference_url":"https://github.com/pnggroup/libpng/issues/837","reference_id":"837","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/issues/837"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645","reference_id":"GHSA-6fr7-g8h7-v645","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13719","reference_id":"RHSA-2026:13719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13719"},{"reference_url":"https://usn.ubuntu.com/8251-1/","reference_id":"USN-8251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8251-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350310?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350311?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-34757"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgjw-tfum-rfgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14827?format=json","vulnerability_id":"VCID-g9jj-qcjq-h3d4","summary":"libpng: LIBPNG buffer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64720","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23545","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643","reference_id":"08da33b4c88cfcd36e5a706558a8d7e0e4773643","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217","reference_id":"1121217","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416904","reference_id":"2416904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416904"},{"reference_url":"https://github.com/pnggroup/libpng/issues/686","reference_id":"686","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/issues/686"},{"reference_url":"https://github.com/pnggroup/libpng/pull/751","reference_id":"751","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/pull/751"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww","reference_id":"GHSA-hfc7-ph9c-wcww","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0251","reference_id":"RHSA-2026:0251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0251"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350295?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350294?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350297?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350296?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64720"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9jj-qcjq-h3d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68866?format=json","vulnerability_id":"VCID-hgnx-u76a-7kej","summary":"libpng: integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7354.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7354","reference_id":"","reference_type":"","scores":[{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68813","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086516","reference_id":"1086516","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086516"},{"reference_url":"http://sourceforge.net/p/libpng/bugs/199/","reference_id":"199","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/"}],"url":"http://sourceforge.net/p/libpng/bugs/199/"},{"reference_url":"http://www.securityfocus.com/bid/67344","reference_id":"67344","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/"}],"url":"http://www.securityfocus.com/bid/67344"},{"reference_url":"http://seclists.org/oss-sec/2014/q2/83","reference_id":"83","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/"}],"url":"http://seclists.org/oss-sec/2014/q2/83"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7354","reference_id":"CVE-2013-7354","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7354"},{"reference_url":"https://security.gentoo.org/glsa/201408-06","reference_id":"GLSA-201408-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-06"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350281?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2013-7354"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgnx-u76a-7kej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12113?format=json","vulnerability_id":"VCID-msp8-t4u3-4ubt","summary":"libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22695","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13604","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443","reference_id":"1125443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443"},{"reference_url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_id":"218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428825","reference_id":"2428825","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428825"},{"reference_url":"https://github.com/pnggroup/libpng/issues/778","reference_id":"778","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/issues/778"},{"reference_url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2","reference_id":"e4f7ad4ea2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp","reference_id":"GHSA-mmq5-27w3-rxpp","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350300?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350299?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350302?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350301?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.54-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22695"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-msp8-t4u3-4ubt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12102?format=json","vulnerability_id":"VCID-pd31-msjy-e3fe","summary":"libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22801","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.07003","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444","reference_id":"1125444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428824","reference_id":"2428824","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428824"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8","reference_id":"GHSA-vgjq-8cw5-ggw8","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350300?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350299?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350302?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350301?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.54-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22801"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pd31-msjy-e3fe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68865?format=json","vulnerability_id":"VCID-teyp-1gtw-fffb","summary":"libpng: integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks()","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7353.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7353.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7353","reference_id":"","reference_type":"","scores":[{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61745","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086514","reference_id":"1086514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086514"},{"reference_url":"http://sourceforge.net/p/libpng/bugs/199/","reference_id":"199","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/"}],"url":"http://sourceforge.net/p/libpng/bugs/199/"},{"reference_url":"http://www.securityfocus.com/bid/67345","reference_id":"67345","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/"}],"url":"http://www.securityfocus.com/bid/67345"},{"reference_url":"http://seclists.org/oss-sec/2014/q2/83","reference_id":"83","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/"}],"url":"http://seclists.org/oss-sec/2014/q2/83"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7353","reference_id":"CVE-2013-7353","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7353"},{"reference_url":"https://security.gentoo.org/glsa/201408-06","reference_id":"GLSA-201408-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-06"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350281?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2013-7353"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-teyp-1gtw-fffb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56796?format=json","vulnerability_id":"VCID-u35c-rj5s-fqes","summary":"libpng: memory leak of png_info struct in pngcp.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6129","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.52025","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667127","reference_id":"1667127","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667127"},{"reference_url":"https://github.com/glennrp/libpng/issues/269","reference_id":"269","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:09:53Z/"}],"url":"https://github.com/glennrp/libpng/issues/269"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350291?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2019-6129"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u35c-rj5s-fqes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43888?format=json","vulnerability_id":"VCID-vf8c-ynvr-qbfe","summary":"Out-of-bounds write in libpng\nAn issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14550","reference_id":"","reference_type":"","scores":[{"value":"0.01831","scoring_system":"epss","scoring_elements":"0.83229","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token"},{"reference_url":"https://github.com/glennrp/libpng","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/glennrp/libpng"},{"reference_url":"https://github.com/glennrp/libpng/issues/246","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/glennrp/libpng/issues/246"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14550","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14550"},{"reference_url":"https://security.gentoo.org/glsa/201908-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201908-02"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221028-0001","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221028-0001"},{"reference_url":"https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608800","reference_id":"1608800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608800"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350290?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14550","GHSA-qwwr-qc2p-6283"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vf8c-ynvr-qbfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1607?format=json","vulnerability_id":"VCID-w3t6-s6tj-vuds","summary":"A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is processed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7317","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68734","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/108098","reference_id":"108098","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"http://www.securityfocus.com/bid/108098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672409","reference_id":"1672409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672409"},{"reference_url":"https://github.com/glennrp/libpng/issues/275","reference_id":"275","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://github.com/glennrp/libpng/issues/275"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/30","reference_id":"30","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://seclists.org/bugtraq/2019/Apr/30"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/36","reference_id":"36","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://seclists.org/bugtraq/2019/Apr/36"},{"reference_url":"https://usn.ubuntu.com/3962-1/","reference_id":"3962-1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://usn.ubuntu.com/3962-1/"},{"reference_url":"https://usn.ubuntu.com/3991-1/","reference_id":"3991-1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://usn.ubuntu.com/3991-1/"},{"reference_url":"https://usn.ubuntu.com/3997-1/","reference_id":"3997-1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://usn.ubuntu.com/3997-1/"},{"reference_url":"https://usn.ubuntu.com/4080-1/","reference_id":"4080-1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://usn.ubuntu.com/4080-1/"},{"reference_url":"https://usn.ubuntu.com/4083-1/","reference_id":"4083-1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://usn.ubuntu.com/4083-1/"},{"reference_url":"https://seclists.org/bugtraq/2019/May/56","reference_id":"56","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://seclists.org/bugtraq/2019/May/56"},{"reference_url":"https://seclists.org/bugtraq/2019/May/59","reference_id":"59","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://seclists.org/bugtraq/2019/May/59"},{"reference_url":"https://seclists.org/bugtraq/2019/May/67","reference_id":"67","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://seclists.org/bugtraq/2019/May/67"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355","reference_id":"921355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355"},{"reference_url":"https://security.archlinux.org/ASA-201904-10","reference_id":"ASA-201904-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-10"},{"reference_url":"https://security.archlinux.org/ASA-201905-8","reference_id":"ASA-201905-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-8"},{"reference_url":"https://security.archlinux.org/ASA-201905-9","reference_id":"ASA-201905-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-9"},{"reference_url":"https://security.archlinux.org/AVG-868","reference_id":"AVG-868","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-868"},{"reference_url":"https://security.archlinux.org/AVG-965","reference_id":"AVG-965","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-965"},{"reference_url":"https://security.archlinux.org/AVG-966","reference_id":"AVG-966","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-966"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7317","reference_id":"CVE-2019-7317","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7317"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","reference_id":"detail?id=12803","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","reference_id":"display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4435","reference_id":"dsa-4435","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://www.debian.org/security/2019/dsa-4435"},{"reference_url":"https://www.debian.org/security/2019/dsa-4448","reference_id":"dsa-4448","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://www.debian.org/security/2019/dsa-4448"},{"reference_url":"https://www.debian.org/security/2019/dsa-4451","reference_id":"dsa-4451","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://www.debian.org/security/2019/dsa-4451"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13","reference_id":"mfsa2019-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14","reference_id":"mfsa2019-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15","reference_id":"mfsa2019-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","reference_id":"msg00032.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","reference_id":"msg00044.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","reference_id":"msg00084.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0005/","reference_id":"ntap-20190719-0005","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190719-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1265","reference_id":"RHSA-2019:1265","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1267","reference_id":"RHSA-2019:1267","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1269","reference_id":"RHSA-2019:1269","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1308","reference_id":"RHSA-2019:1308","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1309","reference_id":"RHSA-2019:1309","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1310","reference_id":"RHSA-2019:1310","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:1310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2494","reference_id":"RHSA-2019:2494","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2495","reference_id":"RHSA-2019:2495","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2585","reference_id":"RHSA-2019:2585","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2590","reference_id":"RHSA-2019:2590","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2592","reference_id":"RHSA-2019:2592","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2737","reference_id":"RHSA-2019:2737","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:2737"},{"reference_url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","reference_id":"Slackware-Security-Advisory-libpng-Updates.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T18:24:04Z/"}],"url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350292?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.36-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7317"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3t6-s6tj-vuds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10060?format=json","vulnerability_id":"VCID-xw2w-9v3w-7ugy","summary":"libpng: LIBPNG has a heap buffer overflow in png_set_quantize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25646","reference_id":"","reference_type":"","scores":[{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23833","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_id":"01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566","reference_id":"1127566","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542","reference_id":"2438542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3","reference_id":"GHSA-g8hp-mq4h-rqm3","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12274","reference_id":"RHSA-2026:12274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14773","reference_id":"RHSA-2026:14773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15087","reference_id":"RHSA-2026:15087","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15087"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:16174","reference_id":"RHSA-2026:16174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:16174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17596","reference_id":"RHSA-2026:17596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3031","reference_id":"RHSA-2026:3031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3968","reference_id":"RHSA-2026:3968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3969","reference_id":"RHSA-2026:3969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4221","reference_id":"RHSA-2026:4221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4222","reference_id":"RHSA-2026:4222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4756","reference_id":"RHSA-2026:4756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6439","reference_id":"RHSA-2026:6439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6445","reference_id":"RHSA-2026:6445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6466","reference_id":"RHSA-2026:6466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6467","reference_id":"RHSA-2026:6467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6468","reference_id":"RHSA-2026:6468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6469","reference_id":"RHSA-2026:6469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6553","reference_id":"RHSA-2026:6553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7032","reference_id":"RHSA-2026:7032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7033","reference_id":"RHSA-2026:7033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7034","reference_id":"RHSA-2026:7034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7035","reference_id":"RHSA-2026:7035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7036","reference_id":"RHSA-2026:7036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7239","reference_id":"RHSA-2026:7239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7243","reference_id":"RHSA-2026:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"},{"reference_url":"https://usn.ubuntu.com/8039-1/","reference_id":"USN-8039-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8039-1/"},{"reference_url":"https://usn.ubuntu.com/8081-1/","reference_id":"USN-8081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8081-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350300?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350303?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350305?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350304?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.55-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.55-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-25646"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw2w-9v3w-7ugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11201?format=json","vulnerability_id":"VCID-yusd-m9he-3kbj","summary":"libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28164","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09065","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433398","reference_id":"2433398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433398"},{"reference_url":"https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20","reference_id":"506516f8c22178005b4379c8b2a7de20","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/"}],"url":"https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20"},{"reference_url":"https://github.com/pnggroup/libpng/issues/655","reference_id":"655","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/"}],"url":"https://github.com/pnggroup/libpng/issues/655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7993-1/","reference_id":"USN-7993-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7993-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350293?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.47-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.47-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-28164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yusd-m9he-3kbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14820?format=json","vulnerability_id":"VCID-zhj1-4sn9-qbbm","summary":"libpng: LIBPNG heap buffer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65018","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20492","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216","reference_id":"1121216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216"},{"reference_url":"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d","reference_id":"16b5e3823918840aae65c0a6da57c78a5a496a4d","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"},{"reference_url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_id":"218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416907","reference_id":"2416907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416907"},{"reference_url":"https://github.com/pnggroup/libpng/issues/755","reference_id":"755","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/issues/755"},{"reference_url":"https://github.com/pnggroup/libpng/pull/757","reference_id":"757","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/pull/757"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g","reference_id":"GHSA-7wv6-48j4-hj3g","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350295?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350294?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350297?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350296?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-65018"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhj1-4sn9-qbbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7247?format=json","vulnerability_id":"VCID-ztv5-xba4-c3cc","summary":"libpng: libpng: Arbitrary code execution due to use-after-free vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33416","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06776","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012","reference_id":"1132012","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012"},{"reference_url":"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb","reference_id":"23019269764e35ed8458e517f1897bd3c54820eb","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805","reference_id":"2451805","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805"},{"reference_url":"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667","reference_id":"7ea9eea884a2328cc7fdcb3c0c00246a50d90667","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"},{"reference_url":"https://github.com/pnggroup/libpng/pull/824","reference_id":"824","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/pull/824"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25","reference_id":"a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"},{"reference_url":"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1","reference_id":"c1b0318b393c90679e6fa5bc1d329fd5d5012ec1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j","reference_id":"GHSA-m4pc-p4q3-4c7j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13922","reference_id":"RHSA-2026:13922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13977","reference_id":"RHSA-2026:13977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14223","reference_id":"RHSA-2026:14223","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14223"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14303","reference_id":"RHSA-2026:14303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:15889","reference_id":"RHSA-2026:15889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:15889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18028","reference_id":"RHSA-2026:18028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18064","reference_id":"RHSA-2026:18064","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18064"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20548","reference_id":"RHSA-2026:20548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20549","reference_id":"RHSA-2026:20549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20550","reference_id":"RHSA-2026:20550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20551","reference_id":"RHSA-2026:20551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"},{"reference_url":"https://usn.ubuntu.com/8251-1/","reference_id":"USN-8251-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8251-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350282?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5qkr-qykw-vqgt"},{"vulnerability":"VCID-u35c-rj5s-fqes"},{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350307?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350306?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350280?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-yusd-m9he-3kbj"},{"vulnerability":"VCID-zx6x-7hz7-zug3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350309?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350308?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33416"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztv5-xba4-c3cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11203?format=json","vulnerability_id":"VCID-zx6x-7hz7-zug3","summary":"libpng: libpng: Denial of Service via buffer overflow in pngimage utility","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28162","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09065","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433407","reference_id":"2433407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433407"},{"reference_url":"https://github.com/pnggroup/libpng/issues/656","reference_id":"656","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/"}],"url":"https://github.com/pnggroup/libpng/issues/656"},{"reference_url":"https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60","reference_id":"fbfdb9b5610c6b3db0d5dea045a07c60","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/"}],"url":"https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7993-1/","reference_id":"USN-7993-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7993-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/350293?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.47-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.47-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350284?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/350283?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-28162"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zx6x-7hz7-zug3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}