{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","type":"deb","namespace":"debian","name":"libgd2","version":"2.0.36~rc1~dfsg-3+lenny1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.3.3-9","latest_non_vulnerable_version":"2.3.3-9","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76155?format=json","vulnerability_id":"VCID-1gxu-d276-cbhc","summary":"The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9317.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9317","reference_id":"","reference_type":"","scores":[{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73296","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73332","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73338","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73324","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73311","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0074","scoring_system":"epss","scoring_elements":"0.73336","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417987","reference_id":"1417987","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417987"},{"reference_url":"https://usn.ubuntu.com/3213-1/","reference_id":"USN-3213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-9317"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gxu-d276-cbhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7114?format=json","vulnerability_id":"VCID-1q2y-e3kk-tkhf","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38115","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40808","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40725","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40803","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4076","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40779","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40748","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38115"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991912","reference_id":"991912","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991912"},{"reference_url":"https://security.archlinux.org/AVG-2258","reference_id":"AVG-2258","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2258"},{"reference_url":"https://usn.ubuntu.com/5068-1/","reference_id":"USN-5068-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5068-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/807066?format=json","purl":"pkg:deb/debian/libgd2@2.3.3-9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9"}],"aliases":["CVE-2021-38115"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1q2y-e3kk-tkhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76121?format=json","vulnerability_id":"VCID-2acw-93jf-vub1","summary":"Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8874.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8874.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8874","reference_id":"","reference_type":"","scores":[{"value":"0.04079","scoring_system":"epss","scoring_elements":"0.88757","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04079","scoring_system":"epss","scoring_elements":"0.88774","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04079","scoring_system":"epss","scoring_elements":"0.88773","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04079","scoring_system":"epss","scoring_elements":"0.88789","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1336772","reference_id":"1336772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1336772"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824627","reference_id":"824627","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824627"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://usn.ubuntu.com/2987-1/","reference_id":"USN-2987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2015-8874"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2acw-93jf-vub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76168?format=json","vulnerability_id":"VCID-2dp1-1n8v-fye9","summary":"When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11038","reference_id":"","reference_type":"","scores":[{"value":"0.1054","scoring_system":"epss","scoring_elements":"0.93397","published_at":"2026-06-04T12:55:00Z"},{"value":"0.1054","scoring_system":"epss","scoring_elements":"0.93408","published_at":"2026-06-05T12:55:00Z"},{"value":"0.1054","scoring_system":"epss","scoring_elements":"0.93409","published_at":"2026-06-08T12:55:00Z"},{"value":"0.1054","scoring_system":"epss","scoring_elements":"0.93417","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13224"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724149","reference_id":"1724149","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1724149"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821","reference_id":"929821","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2519","reference_id":"RHSA-2019:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3299","reference_id":"RHSA-2019:3299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3299"},{"reference_url":"https://usn.ubuntu.com/4316-1/","reference_id":"USN-4316-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4316-1/"},{"reference_url":"https://usn.ubuntu.com/4316-2/","reference_id":"USN-4316-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4316-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5616?format=json","purl":"pkg:deb/debian/libgd2@2.2.5-5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2"}],"aliases":["CVE-2019-11038"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dp1-1n8v-fye9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76116?format=json","vulnerability_id":"VCID-3qud-akea-9ugs","summary":"The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2497.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2497","reference_id":"","reference_type":"","scores":[{"value":"0.05174","scoring_system":"epss","scoring_elements":"0.90077","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05174","scoring_system":"epss","scoring_elements":"0.90092","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05174","scoring_system":"epss","scoring_elements":"0.90091","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05174","scoring_system":"epss","scoring_elements":"0.90089","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05174","scoring_system":"epss","scoring_elements":"0.90088","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05174","scoring_system":"epss","scoring_elements":"0.90102","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1076676","reference_id":"1076676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1076676"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744719","reference_id":"744719","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744719"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://security.gentoo.org/glsa/201607-04","reference_id":"GLSA-201607-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1326","reference_id":"RHSA-2014:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1327","reference_id":"RHSA-2014:1327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"},{"reference_url":"https://usn.ubuntu.com/2987-1/","reference_id":"USN-2987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4304?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-6.1%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-6.1%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/4305?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5"}],"aliases":["CVE-2014-2497"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qud-akea-9ugs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76139?format=json","vulnerability_id":"VCID-51xr-sq24-vqdh","summary":"The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6905.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6905","reference_id":"","reference_type":"","scores":[{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80822","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80849","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.8085","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80844","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80863","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1356485","reference_id":"1356485","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1356485"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6905"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51xr-sq24-vqdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76123?format=json","vulnerability_id":"VCID-747j-a5t9-jbh2","summary":"Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10166.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10166.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10166","reference_id":"","reference_type":"","scores":[{"value":"0.06873","scoring_system":"epss","scoring_elements":"0.91531","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06873","scoring_system":"epss","scoring_elements":"0.91544","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06873","scoring_system":"epss","scoring_elements":"0.91546","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06873","scoring_system":"epss","scoring_elements":"0.91543","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06873","scoring_system":"epss","scoring_elements":"0.91539","published_at":"2026-06-08T12:55:00Z"},{"value":"0.06873","scoring_system":"epss","scoring_elements":"0.91554","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418983","reference_id":"1418983","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2519","reference_id":"RHSA-2019:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3299","reference_id":"RHSA-2019:3299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3299"},{"reference_url":"https://usn.ubuntu.com/3213-1/","reference_id":"USN-3213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-10166"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-747j-a5t9-jbh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76120?format=json","vulnerability_id":"VCID-9fcm-gw6g-cqdw","summary":"The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9709.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9709.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9709","reference_id":"","reference_type":"","scores":[{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.93926","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.93935","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.93936","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.93933","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12088","scoring_system":"epss","scoring_elements":"0.9394","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9709"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1188639","reference_id":"1188639","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1188639"},{"reference_url":"https://security.gentoo.org/glsa/201606-10","reference_id":"GLSA-201606-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-10"},{"reference_url":"https://security.gentoo.org/glsa/201607-04","reference_id":"GLSA-201607-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1135","reference_id":"RHSA-2015:1135","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1135"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1218","reference_id":"RHSA-2015:1218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1218"},{"reference_url":"https://usn.ubuntu.com/2987-1/","reference_id":"USN-2987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4304?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-6.1%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-6.1%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/4305?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5"}],"aliases":["CVE-2014-9709"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fcm-gw6g-cqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76144?format=json","vulnerability_id":"VCID-9fne-q3yd-zub5","summary":"Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6912.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6912.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6912","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65017","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.6506","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65071","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65059","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65047","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65065","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417977","reference_id":"1417977","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417977"},{"reference_url":"https://usn.ubuntu.com/3213-1/","reference_id":"USN-3213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6912"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fne-q3yd-zub5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76132?format=json","vulnerability_id":"VCID-9zpe-9dfy-fuh1","summary":"The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6161.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6161.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6161","reference_id":"","reference_type":"","scores":[{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.7116","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.71203","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.71177","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.71209","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00647","scoring_system":"epss","scoring_elements":"0.71192","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353550","reference_id":"1353550","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353550"},{"reference_url":"https://usn.ubuntu.com/3030-1/","reference_id":"USN-3030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6161"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zpe-9dfy-fuh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76126?format=json","vulnerability_id":"VCID-agay-5tse-xqbw","summary":"Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3074.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3074","reference_id":"","reference_type":"","scores":[{"value":"0.60488","scoring_system":"epss","scoring_elements":"0.98311","published_at":"2026-06-04T12:55:00Z"},{"value":"0.60488","scoring_system":"epss","scoring_elements":"0.98315","published_at":"2026-06-07T12:55:00Z"},{"value":"0.60488","scoring_system":"epss","scoring_elements":"0.98316","published_at":"2026-06-08T12:55:00Z"},{"value":"0.60488","scoring_system":"epss","scoring_elements":"0.98314","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1321893","reference_id":"1321893","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1321893"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822242","reference_id":"822242","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822242"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39736.txt","reference_id":"CVE-2016-3074","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/39736.txt"},{"reference_url":"https://security.gentoo.org/glsa/201607-04","reference_id":"GLSA-201607-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://usn.ubuntu.com/2987-1/","reference_id":"USN-2987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4304?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-6.1%2Bdeb7u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-6.1%252Bdeb7u2"},{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-3074"],"risk_score":5.0,"exploitability":"2.0","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agay-5tse-xqbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4160?format=json","vulnerability_id":"VCID-ah9z-dsuw-4yay","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6977.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6977","reference_id":"","reference_type":"","scores":[{"value":"0.87883","scoring_system":"epss","scoring_elements":"0.99491","published_at":"2026-06-08T12:55:00Z"},{"value":"0.87883","scoring_system":"epss","scoring_elements":"0.99492","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672207","reference_id":"1672207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672207"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920645","reference_id":"920645","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920645"},{"reference_url":"https://security.archlinux.org/AVG-865","reference_id":"AVG-865","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-865"},{"reference_url":"https://github.com/cfreal/exploits/blob/1a671d1d8510e93a0b2607261e9b779562585fe2/CVE-2019-6977-imagecolormatch/exploit.php","reference_id":"CVE-2019-6977","reference_type":"exploit","scores":[],"url":"https://github.com/cfreal/exploits/blob/1a671d1d8510e93a0b2607261e9b779562585fe2/CVE-2019-6977-imagecolormatch/exploit.php"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46677.php","reference_id":"CVE-2019-6977","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/46677.php"},{"reference_url":"https://security.gentoo.org/glsa/201903-18","reference_id":"GLSA-201903-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2519","reference_id":"RHSA-2019:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2519"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3299","reference_id":"RHSA-2019:3299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4659","reference_id":"RHSA-2020:4659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4659"},{"reference_url":"https://usn.ubuntu.com/3900-1/","reference_id":"USN-3900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3900-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5616?format=json","purl":"pkg:deb/debian/libgd2@2.2.5-5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2"}],"aliases":["CVE-2019-6977"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ah9z-dsuw-4yay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76141?format=json","vulnerability_id":"VCID-ayrd-pwjy-ryet","summary":"The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6906.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6906","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.6386","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63903","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.6391","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.639","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63888","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63908","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435313","reference_id":"1435313","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435313"},{"reference_url":"https://usn.ubuntu.com/3213-1/","reference_id":"USN-3213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6906"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ayrd-pwjy-ryet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4161?format=json","vulnerability_id":"VCID-f61f-hcan-3kag","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5711.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5711.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5711","reference_id":"","reference_type":"","scores":[{"value":"0.10274","scoring_system":"epss","scoring_elements":"0.933","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10274","scoring_system":"epss","scoring_elements":"0.93316","published_at":"2026-06-09T12:55:00Z"},{"value":"0.10274","scoring_system":"epss","scoring_elements":"0.9331","published_at":"2026-06-07T12:55:00Z"},{"value":"0.10274","scoring_system":"epss","scoring_elements":"0.93308","published_at":"2026-06-08T12:55:00Z"},{"value":"0.10274","scoring_system":"epss","scoring_elements":"0.93311","published_at":"2026-06-05T12:55:00Z"},{"value":"0.10274","scoring_system":"epss","scoring_elements":"0.93312","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16642","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16642"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1535246","reference_id":"1535246","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1535246"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887485","reference_id":"887485","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887485"},{"reference_url":"https://security.archlinux.org/AVG-865","reference_id":"AVG-865","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-865"},{"reference_url":"https://security.gentoo.org/glsa/201903-18","reference_id":"GLSA-201903-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1296","reference_id":"RHSA-2018:1296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2519","reference_id":"RHSA-2019:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2519"},{"reference_url":"https://usn.ubuntu.com/3755-1/","reference_id":"USN-3755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5616?format=json","purl":"pkg:deb/debian/libgd2@2.2.5-5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2"}],"aliases":["CVE-2018-5711"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f61f-hcan-3kag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76122?format=json","vulnerability_id":"VCID-hghm-njcu-audc","summary":"The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8877.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8877","reference_id":"","reference_type":"","scores":[{"value":"0.02317","scoring_system":"epss","scoring_elements":"0.85081","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02317","scoring_system":"epss","scoring_elements":"0.85105","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02317","scoring_system":"epss","scoring_elements":"0.85109","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02317","scoring_system":"epss","scoring_elements":"0.85104","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02317","scoring_system":"epss","scoring_elements":"0.85094","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02317","scoring_system":"epss","scoring_elements":"0.85108","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338907","reference_id":"1338907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1338907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://usn.ubuntu.com/2987-1/","reference_id":"USN-2987-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2987-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2015-8877"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hghm-njcu-audc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76130?format=json","vulnerability_id":"VCID-jvzj-485k-4fcw","summary":"The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6128.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6128","reference_id":"","reference_type":"","scores":[{"value":"0.09006","scoring_system":"epss","scoring_elements":"0.92784","published_at":"2026-06-09T12:55:00Z"},{"value":"0.09006","scoring_system":"epss","scoring_elements":"0.92777","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09006","scoring_system":"epss","scoring_elements":"0.92772","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09006","scoring_system":"epss","scoring_elements":"0.9277","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12098","scoring_system":"epss","scoring_elements":"0.93939","published_at":"2026-06-05T12:55:00Z"},{"value":"0.12098","scoring_system":"epss","scoring_elements":"0.9393","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351603","reference_id":"1351603","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351603"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829062","reference_id":"829062","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829062"},{"reference_url":"https://security.gentoo.org/glsa/201612-09","reference_id":"GLSA-201612-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://usn.ubuntu.com/3030-1/","reference_id":"USN-3030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6128"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvzj-485k-4fcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6755?format=json","vulnerability_id":"VCID-k417-e3eb-g7h7","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7568.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7568.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7568","reference_id":"","reference_type":"","scores":[{"value":"0.03421","scoring_system":"epss","scoring_elements":"0.8769","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03421","scoring_system":"epss","scoring_elements":"0.87667","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03421","scoring_system":"epss","scoring_elements":"0.87701","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03421","scoring_system":"epss","scoring_elements":"0.87689","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380450","reference_id":"1380450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380450"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839659","reference_id":"839659","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839659"},{"reference_url":"https://security.archlinux.org/ASA-201611-19","reference_id":"ASA-201611-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-19"},{"reference_url":"https://security.archlinux.org/AVG-58","reference_id":"AVG-58","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-58"},{"reference_url":"https://security.gentoo.org/glsa/201612-09","reference_id":"GLSA-201612-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-09"},{"reference_url":"https://usn.ubuntu.com/3117-1/","reference_id":"USN-3117-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3117-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-7568"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k417-e3eb-g7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76134?format=json","vulnerability_id":"VCID-mjr6-8pyz-tbbc","summary":"Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6207.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6207.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6207","reference_id":"","reference_type":"","scores":[{"value":"0.08719","scoring_system":"epss","scoring_elements":"0.92637","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08719","scoring_system":"epss","scoring_elements":"0.9265","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08719","scoring_system":"epss","scoring_elements":"0.92646","published_at":"2026-06-06T12:55:00Z"},{"value":"0.08719","scoring_system":"epss","scoring_elements":"0.92641","published_at":"2026-06-07T12:55:00Z"},{"value":"0.08719","scoring_system":"epss","scoring_elements":"0.92639","published_at":"2026-06-08T12:55:00Z"},{"value":"0.08719","scoring_system":"epss","scoring_elements":"0.92658","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6207"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359800","reference_id":"1359800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1359800"},{"reference_url":"https://security.gentoo.org/glsa/201612-09","reference_id":"GLSA-201612-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://usn.ubuntu.com/3060-1/","reference_id":"USN-3060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6207"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjr6-8pyz-tbbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76159?format=json","vulnerability_id":"VCID-mmz8-qzzx-gkgv","summary":"Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6362.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6362.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6362","reference_id":"","reference_type":"","scores":[{"value":"0.01378","scoring_system":"epss","scoring_elements":"0.80594","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01378","scoring_system":"epss","scoring_elements":"0.80634","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01378","scoring_system":"epss","scoring_elements":"0.80618","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01378","scoring_system":"epss","scoring_elements":"0.80614","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01378","scoring_system":"epss","scoring_elements":"0.80619","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01378","scoring_system":"epss","scoring_elements":"0.80621","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6362"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489842","reference_id":"1489842","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489842"},{"reference_url":"https://usn.ubuntu.com/3410-1/","reference_id":"USN-3410-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3410-1/"},{"reference_url":"https://usn.ubuntu.com/3410-2/","reference_id":"USN-3410-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3410-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5616?format=json","purl":"pkg:deb/debian/libgd2@2.2.5-5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2"}],"aliases":["CVE-2017-6362"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mmz8-qzzx-gkgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6752?format=json","vulnerability_id":"VCID-n7ad-auw3-ffbf","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9933.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9933.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9933","reference_id":"","reference_type":"","scores":[{"value":"0.08286","scoring_system":"epss","scoring_elements":"0.92391","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08286","scoring_system":"epss","scoring_elements":"0.92412","published_at":"2026-06-09T12:55:00Z"},{"value":"0.08286","scoring_system":"epss","scoring_elements":"0.92395","published_at":"2026-06-07T12:55:00Z"},{"value":"0.08286","scoring_system":"epss","scoring_elements":"0.92394","published_at":"2026-06-08T12:55:00Z"},{"value":"0.08286","scoring_system":"epss","scoring_elements":"0.92404","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08286","scoring_system":"epss","scoring_elements":"0.924","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9138","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9138"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9934"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404723","reference_id":"1404723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404723"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849038","reference_id":"849038","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849038"},{"reference_url":"https://security.archlinux.org/ASA-201611-19","reference_id":"ASA-201611-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-19"},{"reference_url":"https://security.archlinux.org/AVG-58","reference_id":"AVG-58","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1296","reference_id":"RHSA-2018:1296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"reference_url":"https://usn.ubuntu.com/3213-1/","reference_id":"USN-3213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-9933"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7ad-auw3-ffbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4162?format=json","vulnerability_id":"VCID-n9rj-dt33-23fq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000222.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000222","reference_id":"","reference_type":"","scores":[{"value":"0.00897","scoring_system":"epss","scoring_elements":"0.76013","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00897","scoring_system":"epss","scoring_elements":"0.76042","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00897","scoring_system":"epss","scoring_elements":"0.7603","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00897","scoring_system":"epss","scoring_elements":"0.76017","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00897","scoring_system":"epss","scoring_elements":"0.76038","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000222"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1621953","reference_id":"1621953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1621953"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906886","reference_id":"906886","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906886"},{"reference_url":"https://security.archlinux.org/AVG-865","reference_id":"AVG-865","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-865"},{"reference_url":"https://security.gentoo.org/glsa/201903-18","reference_id":"GLSA-201903-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-18"},{"reference_url":"https://usn.ubuntu.com/3755-1/","reference_id":"USN-3755-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3755-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5616?format=json","purl":"pkg:deb/debian/libgd2@2.2.5-5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2"}],"aliases":["CVE-2018-1000222"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9rj-dt33-23fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6754?format=json","vulnerability_id":"VCID-nhyy-v6r3-4bdm","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8670.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8670.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8670","reference_id":"","reference_type":"","scores":[{"value":"0.01746","scoring_system":"epss","scoring_elements":"0.82886","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01746","scoring_system":"epss","scoring_elements":"0.82913","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01746","scoring_system":"epss","scoring_elements":"0.82908","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01746","scoring_system":"epss","scoring_elements":"0.829","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01746","scoring_system":"epss","scoring_elements":"0.82912","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391068","reference_id":"1391068","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391068"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840805","reference_id":"840805","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840805"},{"reference_url":"https://security.archlinux.org/ASA-201611-19","reference_id":"ASA-201611-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-19"},{"reference_url":"https://security.archlinux.org/AVG-58","reference_id":"AVG-58","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-58"},{"reference_url":"https://usn.ubuntu.com/3117-1/","reference_id":"USN-3117-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3117-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-8670"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhyy-v6r3-4bdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7113?format=json","vulnerability_id":"VCID-phqx-kavt-n3hh","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40145","reference_id":"","reference_type":"","scores":[{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69569","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69522","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69561","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69567","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69559","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69547","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40145"},{"reference_url":"https://security.archlinux.org/AVG-2258","reference_id":"AVG-2258","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2258"},{"reference_url":"https://usn.ubuntu.com/5068-1/","reference_id":"USN-5068-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5068-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/807066?format=json","purl":"pkg:deb/debian/libgd2@2.3.3-9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9"}],"aliases":["CVE-2021-40145"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phqx-kavt-n3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76127?format=json","vulnerability_id":"VCID-q426-7jze-9fd7","summary":"gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5116.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5116","reference_id":"","reference_type":"","scores":[{"value":"0.02396","scoring_system":"epss","scoring_elements":"0.85356","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02396","scoring_system":"epss","scoring_elements":"0.85349","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02396","scoring_system":"epss","scoring_elements":"0.85351","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02396","scoring_system":"epss","scoring_elements":"0.85327","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02396","scoring_system":"epss","scoring_elements":"0.8535","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02396","scoring_system":"epss","scoring_elements":"0.85335","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340856","reference_id":"1340856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340856"},{"reference_url":"https://usn.ubuntu.com/3030-1/","reference_id":"USN-3030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-5116"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q426-7jze-9fd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4159?format=json","vulnerability_id":"VCID-s5y9-es4d-ubf4","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6978.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6978","reference_id":"","reference_type":"","scores":[{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.86698","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.86718","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.86716","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.86706","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.8672","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.86719","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6978"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6978"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671390","reference_id":"1671390","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671390"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728","reference_id":"920728","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920728"},{"reference_url":"https://security.archlinux.org/AVG-865","reference_id":"AVG-865","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-865"},{"reference_url":"https://security.gentoo.org/glsa/201903-18","reference_id":"GLSA-201903-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-18"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2722","reference_id":"RHSA-2019:2722","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2722"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3943","reference_id":"RHSA-2020:3943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4659","reference_id":"RHSA-2020:4659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4659"},{"reference_url":"https://usn.ubuntu.com/3900-1/","reference_id":"USN-3900-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3900-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5616?format=json","purl":"pkg:deb/debian/libgd2@2.2.5-5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2"}],"aliases":["CVE-2019-6978"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5y9-es4d-ubf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76131?format=json","vulnerability_id":"VCID-sj9f-wqdq-3fcu","summary":"The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6132.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6132","reference_id":"","reference_type":"","scores":[{"value":"0.02125","scoring_system":"epss","scoring_elements":"0.84471","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02125","scoring_system":"epss","scoring_elements":"0.84495","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02125","scoring_system":"epss","scoring_elements":"0.84499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02125","scoring_system":"epss","scoring_elements":"0.84492","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02125","scoring_system":"epss","scoring_elements":"0.8448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02125","scoring_system":"epss","scoring_elements":"0.84493","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1352544","reference_id":"1352544","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1352544"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829694","reference_id":"829694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829694"},{"reference_url":"https://security.gentoo.org/glsa/201612-09","reference_id":"GLSA-201612-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-09"},{"reference_url":"https://usn.ubuntu.com/3060-1/","reference_id":"USN-3060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6132"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sj9f-wqdq-3fcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4822?format=json","vulnerability_id":"VCID-sszg-2r3w-qqht","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3546.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3546.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3546","reference_id":"","reference_type":"","scores":[{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89501","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.8952","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89519","published_at":"2026-06-06T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89517","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04663","scoring_system":"epss","scoring_elements":"0.89536","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=529213","reference_id":"529213","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=529213"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552534","reference_id":"552534","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552534"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525","reference_id":"601525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525"},{"reference_url":"https://security.archlinux.org/ASA-201701-1","reference_id":"ASA-201701-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-1"},{"reference_url":"https://security.archlinux.org/AVG-16","reference_id":"AVG-16","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-16"},{"reference_url":"https://security.gentoo.org/glsa/201001-03","reference_id":"GLSA-201001-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201001-03"},{"reference_url":"https://security.gentoo.org/glsa/201006-16","reference_id":"GLSA-201006-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0003","reference_id":"RHSA-2010:0003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0040","reference_id":"RHSA-2010:0040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0040"},{"reference_url":"https://usn.ubuntu.com/854-1/","reference_id":"USN-854-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/854-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4302?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-5"}],"aliases":["CVE-2009-3546"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sszg-2r3w-qqht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76167?format=json","vulnerability_id":"VCID-sxpu-ax7r-v3d3","summary":"gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14553.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14553.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14553","reference_id":"","reference_type":"","scores":[{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77103","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77134","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77144","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77133","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77123","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77145","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14553"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1600727","reference_id":"1600727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1600727"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287","reference_id":"951287","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4659","reference_id":"RHSA-2020:4659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4659"},{"reference_url":"https://usn.ubuntu.com/4316-1/","reference_id":"USN-4316-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4316-1/"},{"reference_url":"https://usn.ubuntu.com/4316-2/","reference_id":"USN-4316-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4316-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/518710?format=json","purl":"pkg:deb/debian/libgd2@2.3.0-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2"}],"aliases":["CVE-2018-14553"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxpu-ax7r-v3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76162?format=json","vulnerability_id":"VCID-tw3k-f4zp-pff5","summary":"In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says \"In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6363","reference_id":"","reference_type":"","scores":[{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62398","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62444","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62453","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62443","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62428","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62442","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6363"},{"reference_url":"https://usn.ubuntu.com/5068-1/","reference_id":"USN-5068-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5068-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/518710?format=json","purl":"pkg:deb/debian/libgd2@2.3.0-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2"}],"aliases":["CVE-2017-6363"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tw3k-f4zp-pff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76164?format=json","vulnerability_id":"VCID-u49t-hum7-9ffk","summary":"The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7890.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7890.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7890","reference_id":"","reference_type":"","scores":[{"value":"0.30217","scoring_system":"epss","scoring_elements":"0.9677","published_at":"2026-06-04T12:55:00Z"},{"value":"0.30217","scoring_system":"epss","scoring_elements":"0.96782","published_at":"2026-06-09T12:55:00Z"},{"value":"0.30217","scoring_system":"epss","scoring_elements":"0.96779","published_at":"2026-06-07T12:55:00Z"},{"value":"0.30217","scoring_system":"epss","scoring_elements":"0.96777","published_at":"2026-06-08T12:55:00Z"},{"value":"0.30217","scoring_system":"epss","scoring_elements":"0.96774","published_at":"2026-06-05T12:55:00Z"},{"value":"0.30217","scoring_system":"epss","scoring_elements":"0.96778","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7890"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7890"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1473822","reference_id":"1473822","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1473822"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869263","reference_id":"869263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0406","reference_id":"RHSA-2018:0406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1296","reference_id":"RHSA-2018:1296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"reference_url":"https://usn.ubuntu.com/3389-1/","reference_id":"USN-3389-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3389-1/"},{"reference_url":"https://usn.ubuntu.com/3389-2/","reference_id":"USN-3389-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3389-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5616?format=json","purl":"pkg:deb/debian/libgd2@2.2.5-5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.5-5.2"}],"aliases":["CVE-2017-7890"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u49t-hum7-9ffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76137?format=json","vulnerability_id":"VCID-v6wp-snfa-kyfk","summary":"gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6214.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6214","reference_id":"","reference_type":"","scores":[{"value":"0.02222","scoring_system":"epss","scoring_elements":"0.84805","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02222","scoring_system":"epss","scoring_elements":"0.84829","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02222","scoring_system":"epss","scoring_elements":"0.84833","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02222","scoring_system":"epss","scoring_elements":"0.84827","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02222","scoring_system":"epss","scoring_elements":"0.84816","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02222","scoring_system":"epss","scoring_elements":"0.84831","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1356466","reference_id":"1356466","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1356466"},{"reference_url":"https://usn.ubuntu.com/3060-1/","reference_id":"USN-3060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6214"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6wp-snfa-kyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7112?format=json","vulnerability_id":"VCID-vjvh-efm4-wyes","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40812","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3375","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33668","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33741","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33716","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.3377","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33785","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40812"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9","reference_id":"6f5136821be86e7068fcdf651ae9420b5d42e9a9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/"}],"url":"https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9"},{"reference_url":"https://github.com/libgd/libgd/issues/750#issuecomment-914872385","reference_id":"750#issuecomment-914872385","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/"}],"url":"https://github.com/libgd/libgd/issues/750#issuecomment-914872385"},{"reference_url":"https://security.archlinux.org/AVG-2258","reference_id":"AVG-2258","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2258"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T16:15:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00003.html"},{"reference_url":"https://usn.ubuntu.com/7112-1/","reference_id":"USN-7112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7112-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/807066?format=json","purl":"pkg:deb/debian/libgd2@2.3.3-9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9"}],"aliases":["CVE-2021-40812"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjvh-efm4-wyes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76115?format=json","vulnerability_id":"VCID-wdcy-9v3g-xqaz","summary":"gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7456","reference_id":"","reference_type":"","scores":[{"value":"0.01328","scoring_system":"epss","scoring_elements":"0.80272","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01328","scoring_system":"epss","scoring_elements":"0.80298","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01328","scoring_system":"epss","scoring_elements":"0.80301","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01328","scoring_system":"epss","scoring_elements":"0.80297","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01328","scoring_system":"epss","scoring_elements":"0.8029","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01328","scoring_system":"epss","scoring_elements":"0.80311","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340433","reference_id":"1340433","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1340433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://usn.ubuntu.com/3030-1/","reference_id":"USN-3030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2013-7456"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdcy-9v3g-xqaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76128?format=json","vulnerability_id":"VCID-x4mv-43g5-nke4","summary":"Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5766.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5766.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5766","reference_id":"","reference_type":"","scores":[{"value":"0.16232","scoring_system":"epss","scoring_elements":"0.94938","published_at":"2026-06-04T12:55:00Z"},{"value":"0.18313","scoring_system":"epss","scoring_elements":"0.95345","published_at":"2026-06-05T12:55:00Z"},{"value":"0.18313","scoring_system":"epss","scoring_elements":"0.95353","published_at":"2026-06-09T12:55:00Z"},{"value":"0.18313","scoring_system":"epss","scoring_elements":"0.95347","published_at":"2026-06-06T12:55:00Z"},{"value":"0.18313","scoring_system":"epss","scoring_elements":"0.95349","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6132"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351068","reference_id":"1351068","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351068"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829014","reference_id":"829014","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829014"},{"reference_url":"https://security.gentoo.org/glsa/201612-09","reference_id":"GLSA-201612-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2598","reference_id":"RHSA-2016:2598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5443","reference_id":"RHSA-2020:5443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5443"},{"reference_url":"https://usn.ubuntu.com/3030-1/","reference_id":"USN-3030-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3030-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-5766"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4mv-43g5-nke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6757?format=json","vulnerability_id":"VCID-xg2k-447u-v3a7","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6911.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6911","reference_id":"","reference_type":"","scores":[{"value":"0.00641","scoring_system":"epss","scoring_elements":"0.70985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00641","scoring_system":"epss","scoring_elements":"0.71028","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00641","scoring_system":"epss","scoring_elements":"0.71017","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00641","scoring_system":"epss","scoring_elements":"0.71002","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00641","scoring_system":"epss","scoring_elements":"0.71027","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00641","scoring_system":"epss","scoring_elements":"0.71034","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388787","reference_id":"1388787","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840806","reference_id":"840806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840806"},{"reference_url":"https://security.archlinux.org/ASA-201611-19","reference_id":"ASA-201611-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-19"},{"reference_url":"https://security.archlinux.org/AVG-58","reference_id":"AVG-58","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-58"},{"reference_url":"https://usn.ubuntu.com/3117-1/","reference_id":"USN-3117-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3117-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-6911"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg2k-447u-v3a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76125?format=json","vulnerability_id":"VCID-ycsd-7h8w-z3dc","summary":"Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10168.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10168.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10168","reference_id":"","reference_type":"","scores":[{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70019","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.7006","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70069","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70051","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70039","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00606","scoring_system":"epss","scoring_elements":"0.70063","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418986","reference_id":"1418986","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3221","reference_id":"RHSA-2017:3221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1296","reference_id":"RHSA-2018:1296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"reference_url":"https://usn.ubuntu.com/3213-1/","reference_id":"USN-3213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-10168"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ycsd-7h8w-z3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76124?format=json","vulnerability_id":"VCID-zmw1-xfeg-ufhv","summary":"The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10167.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10167.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10167","reference_id":"","reference_type":"","scores":[{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72384","published_at":"2026-06-04T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72426","published_at":"2026-06-05T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72432","published_at":"2026-06-06T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72413","published_at":"2026-06-07T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72399","published_at":"2026-06-08T12:55:00Z"},{"value":"0.007","scoring_system":"epss","scoring_elements":"0.72424","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418984","reference_id":"1418984","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1418984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3221","reference_id":"RHSA-2017:3221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:1296","reference_id":"RHSA-2018:1296","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:1296"},{"reference_url":"https://usn.ubuntu.com/3213-1/","reference_id":"USN-3213-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3213-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4306?format=json","purl":"pkg:deb/debian/libgd2@2.1.0-5%2Bdeb8u11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.1.0-5%252Bdeb8u11"},{"url":"http://public2.vulnerablecode.io/api/packages/5007?format=json","purl":"pkg:deb/debian/libgd2@2.2.4-2%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-vjvh-efm4-wyes"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.2.4-2%252Bdeb9u5"}],"aliases":["CVE-2016-10167"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmw1-xfeg-ufhv"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76107?format=json","vulnerability_id":"VCID-3q4m-hshg-bued","summary":"Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3478.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3478","reference_id":"","reference_type":"","scores":[{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94557","published_at":"2026-06-04T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94566","published_at":"2026-06-05T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94567","published_at":"2026-06-06T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94569","published_at":"2026-06-08T12:55:00Z"},{"value":"0.14445","scoring_system":"epss","scoring_elements":"0.94574","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=277231","reference_id":"277231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=277231"},{"reference_url":"https://security.gentoo.org/glsa/200708-05","reference_id":"GLSA-200708-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-3478"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q4m-hshg-bued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76105?format=json","vulnerability_id":"VCID-an95-jkf8-dqex","summary":"Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3476.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3476","reference_id":"","reference_type":"","scores":[{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92205","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92217","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92215","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92213","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92214","published_at":"2026-06-08T12:55:00Z"},{"value":"0.07951","scoring_system":"epss","scoring_elements":"0.92228","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=277201","reference_id":"277201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=277201"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525","reference_id":"601525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525"},{"reference_url":"https://security.gentoo.org/glsa/200708-05","reference_id":"GLSA-200708-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0146","reference_id":"RHSA-2008:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0146"},{"reference_url":"https://usn.ubuntu.com/854-1/","reference_id":"USN-854-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/854-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-3476"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-an95-jkf8-dqex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76109?format=json","vulnerability_id":"VCID-cecd-jqtu-2fag","summary":"Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3996.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3996","reference_id":"","reference_type":"","scores":[{"value":"0.15128","scoring_system":"epss","scoring_elements":"0.94718","published_at":"2026-06-04T12:55:00Z"},{"value":"0.15128","scoring_system":"epss","scoring_elements":"0.94726","published_at":"2026-06-05T12:55:00Z"},{"value":"0.15128","scoring_system":"epss","scoring_elements":"0.94727","published_at":"2026-06-06T12:55:00Z"},{"value":"0.15128","scoring_system":"epss","scoring_elements":"0.94729","published_at":"2026-06-08T12:55:00Z"},{"value":"0.15128","scoring_system":"epss","scoring_elements":"0.94734","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3996"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=278031","reference_id":"278031","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=278031"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443456","reference_id":"443456","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443456"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525","reference_id":"601525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525"},{"reference_url":"https://security.gentoo.org/glsa/200710-02","reference_id":"GLSA-200710-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200710-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0888","reference_id":"RHSA-2007:0888","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0889","reference_id":"RHSA-2007:0889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0890","reference_id":"RHSA-2007:0890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0891","reference_id":"RHSA-2007:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0891"},{"reference_url":"https://usn.ubuntu.com/557-1/","reference_id":"USN-557-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/557-1/"},{"reference_url":"https://usn.ubuntu.com/720-1/","reference_id":"USN-720-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/720-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-3996"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cecd-jqtu-2fag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4828?format=json","vulnerability_id":"VCID-cyvz-5zr4-pbf1","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0455.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0455.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0455","reference_id":"","reference_type":"","scores":[{"value":"0.0427","scoring_system":"epss","scoring_elements":"0.89036","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0427","scoring_system":"epss","scoring_elements":"0.89053","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05488","scoring_system":"epss","scoring_elements":"0.90379","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05488","scoring_system":"epss","scoring_elements":"0.90394","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-0455"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=224607","reference_id":"224607","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=224607"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408982","reference_id":"408982","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408982"},{"reference_url":"https://security.archlinux.org/ASA-201701-1","reference_id":"ASA-201701-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-1"},{"reference_url":"https://security.archlinux.org/AVG-16","reference_id":"AVG-16","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0153","reference_id":"RHSA-2007:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0155","reference_id":"RHSA-2007:0155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0162","reference_id":"RHSA-2007:0162","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0146","reference_id":"RHSA-2008:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0146"},{"reference_url":"https://usn.ubuntu.com/473-1/","reference_id":"USN-473-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/473-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-0455"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cyvz-5zr4-pbf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76129?format=json","vulnerability_id":"VCID-eevm-m3bb-8qgu","summary":"Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5767.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5767","reference_id":"","reference_type":"","scores":[{"value":"0.04623","scoring_system":"epss","scoring_elements":"0.89455","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04623","scoring_system":"epss","scoring_elements":"0.89474","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04623","scoring_system":"epss","scoring_elements":"0.89489","published_at":"2026-06-09T12:55:00Z"},{"value":"0.04623","scoring_system":"epss","scoring_elements":"0.89473","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04623","scoring_system":"epss","scoring_elements":"0.89471","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351069","reference_id":"1351069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1351069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2598","reference_id":"RHSA-2016:2598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2750","reference_id":"RHSA-2016:2750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2750"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2016-5767"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eevm-m3bb-8qgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76103?format=json","vulnerability_id":"VCID-f1zm-p91y-zff4","summary":"The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2445.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2445.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2445","reference_id":"","reference_type":"","scores":[{"value":"0.38264","scoring_system":"epss","scoring_elements":"0.97313","published_at":"2026-06-04T12:55:00Z"},{"value":"0.38264","scoring_system":"epss","scoring_elements":"0.97317","published_at":"2026-06-05T12:55:00Z"},{"value":"0.38264","scoring_system":"epss","scoring_elements":"0.97319","published_at":"2026-06-07T12:55:00Z"},{"value":"0.38746","scoring_system":"epss","scoring_elements":"0.97344","published_at":"2026-06-08T12:55:00Z"},{"value":"0.38746","scoring_system":"epss","scoring_elements":"0.97346","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=239425","reference_id":"239425","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=239425"},{"reference_url":"https://security.gentoo.org/glsa/200705-24","reference_id":"GLSA-200705-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200705-24"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0356","reference_id":"RHSA-2007:0356","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0356"},{"reference_url":"https://usn.ubuntu.com/472-1/","reference_id":"USN-472-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/472-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-2445"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1zm-p91y-zff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4825?format=json","vulnerability_id":"VCID-jjvk-4v4g-bqfq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3473.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3473","reference_id":"","reference_type":"","scores":[{"value":"0.10534","scoring_system":"epss","scoring_elements":"0.93395","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10534","scoring_system":"epss","scoring_elements":"0.93407","published_at":"2026-06-08T12:55:00Z"},{"value":"0.10534","scoring_system":"epss","scoring_elements":"0.93408","published_at":"2026-06-06T12:55:00Z"},{"value":"0.10534","scoring_system":"epss","scoring_elements":"0.93415","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=276791","reference_id":"276791","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=276791"},{"reference_url":"https://security.archlinux.org/ASA-201701-1","reference_id":"ASA-201701-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-1"},{"reference_url":"https://security.archlinux.org/AVG-16","reference_id":"AVG-16","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-16"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30251.c","reference_id":"CVE-2007-3473;OSVDB-37744","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30251.c"},{"reference_url":"https://www.securityfocus.com/bid/24651/info","reference_id":"CVE-2007-3473;OSVDB-37744","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/24651/info"},{"reference_url":"https://security.gentoo.org/glsa/200708-05","reference_id":"GLSA-200708-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0146","reference_id":"RHSA-2008:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-3473"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjvk-4v4g-bqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4826?format=json","vulnerability_id":"VCID-nsfy-b6g8-rkdr","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3472.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3472","reference_id":"","reference_type":"","scores":[{"value":"0.05891","scoring_system":"epss","scoring_elements":"0.90752","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05891","scoring_system":"epss","scoring_elements":"0.90765","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05891","scoring_system":"epss","scoring_elements":"0.90763","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05891","scoring_system":"epss","scoring_elements":"0.90761","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05891","scoring_system":"epss","scoring_elements":"0.90777","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=276751","reference_id":"276751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=276751"},{"reference_url":"https://security.archlinux.org/ASA-201701-1","reference_id":"ASA-201701-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-1"},{"reference_url":"https://security.archlinux.org/AVG-16","reference_id":"AVG-16","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-16"},{"reference_url":"https://security.gentoo.org/glsa/200708-05","reference_id":"GLSA-200708-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0146","reference_id":"RHSA-2008:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-3472"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsfy-b6g8-rkdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76104?format=json","vulnerability_id":"VCID-qup6-a9mr-pkdj","summary":"The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3475.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3475","reference_id":"","reference_type":"","scores":[{"value":"0.1443","scoring_system":"epss","scoring_elements":"0.94554","published_at":"2026-06-04T12:55:00Z"},{"value":"0.1443","scoring_system":"epss","scoring_elements":"0.94562","published_at":"2026-06-05T12:55:00Z"},{"value":"0.1443","scoring_system":"epss","scoring_elements":"0.94564","published_at":"2026-06-06T12:55:00Z"},{"value":"0.1443","scoring_system":"epss","scoring_elements":"0.94566","published_at":"2026-06-08T12:55:00Z"},{"value":"0.1443","scoring_system":"epss","scoring_elements":"0.94571","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=277181","reference_id":"277181","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=277181"},{"reference_url":"https://security.gentoo.org/glsa/200708-05","reference_id":"GLSA-200708-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0146","reference_id":"RHSA-2008:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0146"},{"reference_url":"https://usn.ubuntu.com/854-1/","reference_id":"USN-854-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/854-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-3475"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qup6-a9mr-pkdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4827?format=json","vulnerability_id":"VCID-u7zp-wrg4-gub2","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2756.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2756.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2756","reference_id":"","reference_type":"","scores":[{"value":"0.06829","scoring_system":"epss","scoring_elements":"0.91516","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06829","scoring_system":"epss","scoring_elements":"0.91501","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06829","scoring_system":"epss","scoring_elements":"0.91514","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06829","scoring_system":"epss","scoring_elements":"0.91525","published_at":"2026-06-09T12:55:00Z"},{"value":"0.06829","scoring_system":"epss","scoring_elements":"0.91513","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06829","scoring_system":"epss","scoring_elements":"0.9151","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=242033","reference_id":"242033","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=242033"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426100","reference_id":"426100","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426100"},{"reference_url":"https://security.archlinux.org/ASA-201701-1","reference_id":"ASA-201701-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-1"},{"reference_url":"https://security.archlinux.org/AVG-16","reference_id":"AVG-16","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-16"},{"reference_url":"https://security.gentoo.org/glsa/200708-05","reference_id":"GLSA-200708-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-05"},{"reference_url":"https://security.gentoo.org/glsa/200710-02","reference_id":"GLSA-200710-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200710-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0889","reference_id":"RHSA-2007:0889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0890","reference_id":"RHSA-2007:0890","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0891","reference_id":"RHSA-2007:0891","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0891"},{"reference_url":"https://access.redhat.com/errata/RHSA-2008:0146","reference_id":"RHSA-2008:0146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2008:0146"},{"reference_url":"https://usn.ubuntu.com/473-1/","reference_id":"USN-473-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/473-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-2756"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7zp-wrg4-gub2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4824?format=json","vulnerability_id":"VCID-ut49-mx4f-pka8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3477.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3477","reference_id":"","reference_type":"","scores":[{"value":"0.07202","scoring_system":"epss","scoring_elements":"0.91758","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07202","scoring_system":"epss","scoring_elements":"0.91744","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07202","scoring_system":"epss","scoring_elements":"0.91755","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07202","scoring_system":"epss","scoring_elements":"0.91767","published_at":"2026-06-09T12:55:00Z"},{"value":"0.07202","scoring_system":"epss","scoring_elements":"0.91754","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07202","scoring_system":"epss","scoring_elements":"0.91752","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=277221","reference_id":"277221","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=277221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525","reference_id":"601525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601525"},{"reference_url":"https://security.archlinux.org/ASA-201701-1","reference_id":"ASA-201701-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-1"},{"reference_url":"https://security.archlinux.org/AVG-16","reference_id":"AVG-16","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-16"},{"reference_url":"https://security.gentoo.org/glsa/200708-05","reference_id":"GLSA-200708-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200708-05"},{"reference_url":"https://usn.ubuntu.com/854-1/","reference_id":"USN-854-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/854-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4301?format=json","purl":"pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxu-d276-cbhc"},{"vulnerability":"VCID-1q2y-e3kk-tkhf"},{"vulnerability":"VCID-2acw-93jf-vub1"},{"vulnerability":"VCID-2dp1-1n8v-fye9"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-51xr-sq24-vqdh"},{"vulnerability":"VCID-747j-a5t9-jbh2"},{"vulnerability":"VCID-9fcm-gw6g-cqdw"},{"vulnerability":"VCID-9fne-q3yd-zub5"},{"vulnerability":"VCID-9zpe-9dfy-fuh1"},{"vulnerability":"VCID-agay-5tse-xqbw"},{"vulnerability":"VCID-ah9z-dsuw-4yay"},{"vulnerability":"VCID-ayrd-pwjy-ryet"},{"vulnerability":"VCID-f61f-hcan-3kag"},{"vulnerability":"VCID-hghm-njcu-audc"},{"vulnerability":"VCID-jvzj-485k-4fcw"},{"vulnerability":"VCID-k417-e3eb-g7h7"},{"vulnerability":"VCID-mjr6-8pyz-tbbc"},{"vulnerability":"VCID-mmz8-qzzx-gkgv"},{"vulnerability":"VCID-n7ad-auw3-ffbf"},{"vulnerability":"VCID-n9rj-dt33-23fq"},{"vulnerability":"VCID-nhyy-v6r3-4bdm"},{"vulnerability":"VCID-phqx-kavt-n3hh"},{"vulnerability":"VCID-q426-7jze-9fd7"},{"vulnerability":"VCID-s5y9-es4d-ubf4"},{"vulnerability":"VCID-sj9f-wqdq-3fcu"},{"vulnerability":"VCID-sszg-2r3w-qqht"},{"vulnerability":"VCID-sxpu-ax7r-v3d3"},{"vulnerability":"VCID-tw3k-f4zp-pff5"},{"vulnerability":"VCID-u49t-hum7-9ffk"},{"vulnerability":"VCID-v6wp-snfa-kyfk"},{"vulnerability":"VCID-vjvh-efm4-wyes"},{"vulnerability":"VCID-wdcy-9v3g-xqaz"},{"vulnerability":"VCID-x4mv-43g5-nke4"},{"vulnerability":"VCID-xg2k-447u-v3a7"},{"vulnerability":"VCID-ycsd-7h8w-z3dc"},{"vulnerability":"VCID-zmw1-xfeg-ufhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}],"aliases":["CVE-2007-3477"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ut49-mx4f-pka8"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.0.36~rc1~dfsg-3%252Blenny1"}