{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","type":"deb","namespace":"debian","name":"libpng1.6","version":"1.6.48-1+deb13u3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6.48-1+deb13u4","latest_non_vulnerable_version":"1.6.58-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/351001?format=json","vulnerability_id":"VCID-zmjn-418h-ebg8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34757","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01728","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01717","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01718","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03629","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03618","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03491","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0348","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0363","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03675","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051","reference_id":"1133051","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456918","reference_id":"2456918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456918"},{"reference_url":"https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a","reference_id":"398cbe3df03f4e11bb031e07f416dfdde3684e8a","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a"},{"reference_url":"https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc","reference_id":"55d20aaa322c9274491cda82c5cd4f99b48c6bcc","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc"},{"reference_url":"https://github.com/pnggroup/libpng/issues/836","reference_id":"836","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/issues/836"},{"reference_url":"https://github.com/pnggroup/libpng/issues/837","reference_id":"837","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/issues/837"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645","reference_id":"GHSA-6fr7-g8h7-v645","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13719","reference_id":"RHSA-2026:13719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13719"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-34757"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmjn-418h-ebg8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9619?format=json","vulnerability_id":"VCID-2xdm-ndp3-47f4","summary":"Improper Handling of Exceptional Conditions\nAn issue has been found in libpng It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.","references":[{"reference_url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14048","reference_id":"","reference_type":"","scores":[{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74473","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74602","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74592","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74598","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74599","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74476","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74502","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74478","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.7451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74525","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74547","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74519","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74557","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00829","scoring_system":"epss","scoring_elements":"0.74564","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14048"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/fouzhe/security/tree/master/libpng","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/fouzhe/security/tree/master/libpng"},{"reference_url":"https://github.com/glennrp/libpng/issues/238","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/glennrp/libpng/issues/238"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/30","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/30"},{"reference_url":"https://security.gentoo.org/glsa/201908-02","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-02"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608073","reference_id":"1608073","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608073"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14048","reference_id":"CVE-2018-14048","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14048"},{"reference_url":"https://usn.ubuntu.com/5432-1/","reference_id":"USN-5432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5432-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5432-2/","reference_id":"USN-USN-5432-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5432-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928257?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14048"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xdm-ndp3-47f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7052?format=json","vulnerability_id":"VCID-3ggs-vja8-r3de","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nBuffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0973.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0973.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0973","reference_id":"","reference_type":"","scores":[{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83617","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.8363","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83644","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83646","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.8367","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83677","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83694","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83687","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83683","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83718","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83719","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83744","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83752","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83758","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02006","scoring_system":"epss","scoring_elements":"0.83781","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0973"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/10/1","reference_id":"1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1177327","reference_id":"1177327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1177327"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/10/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/3"},{"reference_url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/","reference_id":"33173461","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/"},{"reference_url":"http://secunia.com/advisories/62725","reference_id":"62725","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://secunia.com/advisories/62725"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823","reference_id":"773823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673","reference_id":"775673","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775673"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0973","reference_id":"CVE-2015-0973","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0973"},{"reference_url":"http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt","reference_id":"libpng_heap_overflow_1.6.15.txt","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240719-0005/","reference_id":"ntap-20240719-0005","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:25:31Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240719-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928252?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2015-0973"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ggs-vja8-r3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10855?format=json","vulnerability_id":"VCID-663w-wmsg-zkc5","summary":"Out-of-bounds Write\nAn issue has been found in third-party PNM decoding associated with libpng It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14550.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14550","reference_id":"","reference_type":"","scores":[{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82628","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82602","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01745","scoring_system":"epss","scoring_elements":"0.82609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82639","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.827","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82676","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.8265","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82623","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82654","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82732","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82729","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82728","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.8269","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01778","scoring_system":"epss","scoring_elements":"0.82695","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/fouzhe/security/tree/master/libpng#stack-buffer-overflow-in-png2pnm-in-function-get_token"},{"reference_url":"https://github.com/glennrp/libpng","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/glennrp/libpng"},{"reference_url":"https://github.com/glennrp/libpng/issues/246","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/glennrp/libpng/issues/246"},{"reference_url":"https://security.gentoo.org/glsa/201908-02","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/201908-02"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221028-0001","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20221028-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221028-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20221028-0001/"},{"reference_url":"https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-UPSTREAM-LIBPNG-1043612"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608800","reference_id":"1608800","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608800"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14550","reference_id":"CVE-2018-14550","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14550"},{"reference_url":"https://github.com/advisories/GHSA-qwwr-qc2p-6283","reference_id":"GHSA-qwwr-qc2p-6283","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwwr-qc2p-6283"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928257?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14550","GHSA-qwwr-qc2p-6283"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-663w-wmsg-zkc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42454?format=json","vulnerability_id":"VCID-7923-9g38-jqc3","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65018","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15207","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15263","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15265","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.2004","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26441","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26497","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26325","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26351","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26344","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26449","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26541","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2639","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216","reference_id":"1121216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216"},{"reference_url":"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d","reference_id":"16b5e3823918840aae65c0a6da57c78a5a496a4d","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"},{"reference_url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_id":"218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416907","reference_id":"2416907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416907"},{"reference_url":"https://github.com/pnggroup/libpng/issues/755","reference_id":"755","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/issues/755"},{"reference_url":"https://github.com/pnggroup/libpng/pull/757","reference_id":"757","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/pull/757"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g","reference_id":"GHSA-7wv6-48j4-hj3g","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928261?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928263?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928262?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-65018"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7923-9g38-jqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65169?format=json","vulnerability_id":"VCID-7qam-er5a-gbas","summary":"libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22801","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04858","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04807","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04845","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04642","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04688","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.047","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04674","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04658","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04625","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04633","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04773","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444","reference_id":"1125444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428824","reference_id":"2428824","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428824"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8","reference_id":"GHSA-vgjq-8cw5-ggw8","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928266?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928265?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928268?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928267?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.54-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22801"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qam-er5a-gbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10852?format=json","vulnerability_id":"VCID-8g2j-rqsk-zqfh","summary":"Improper Input Validation\nlibpng does not properly check the length of chunks against the user limit.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12652","reference_id":"","reference_type":"","scores":[{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69799","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.6982","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00609","scoring_system":"epss","scoring_elements":"0.69825","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.7002","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70034","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70011","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70059","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70075","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70098","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70083","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.7007","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70113","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70122","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70102","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70153","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70008","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securityfocus.com/bid/109269","reference_id":"109269","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"http://www.securityfocus.com/bid/109269"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733956","reference_id":"1733956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1733956"},{"reference_url":"https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55","reference_id":"347538efbdc21b8df684ebd92d37400b3ce85d55","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://github.com/pnggroup/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55"},{"reference_url":"https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE","reference_id":"ANNOUNCE","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12652","reference_id":"CVE-2017-12652","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12652"},{"reference_url":"https://support.f5.com/csp/article/K88124225","reference_id":"K88124225","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://support.f5.com/csp/article/K88124225"},{"reference_url":"https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS","reference_id":"K88124225?utm_source=f5support&utm_medium=RSS","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://support.f5.com/csp/article/K88124225?utm_source=f5support&utm_medium=RSS"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220506-0003/","reference_id":"ntap-20220506-0003","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:22:54Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220506-0003/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3901","reference_id":"RHSA-2020:3901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3901"},{"reference_url":"https://usn.ubuntu.com/5432-1/","reference_id":"USN-5432-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5432-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5432-2/","reference_id":"USN-USN-5432-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5432-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928255?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.32-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.32-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2017-12652"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g2j-rqsk-zqfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7279?format=json","vulnerability_id":"VCID-9d14-kqac-nbbt","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nBuffer overflow in the png_set_PLTE function in libpng  allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174905.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174936.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175073.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2594.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-2594.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2595.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-2595.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-2596.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-2596.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0055.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0055.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0056.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0057.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0057.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8472","reference_id":"","reference_type":"","scores":[{"value":"0.05088","scoring_system":"epss","scoring_elements":"0.89846","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05198","scoring_system":"epss","scoring_elements":"0.8995","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90171","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90176","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90192","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90197","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90156","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90219","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90215","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90229","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90228","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90206","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05471","scoring_system":"epss","scoring_elements":"0.90159","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10148","reference_id":"","reference_type":"","scores":[],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10148"},{"reference_url":"http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/","reference_id":"","reference_type":"","scores":[],"url":"http://sourceforge.net/projects/libpng/files/libpng10/1.0.65/"},{"reference_url":"http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/","reference_id":"","reference_type":"","scores":[],"url":"http://sourceforge.net/projects/libpng/files/libpng12/1.2.55/"},{"reference_url":"http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/","reference_id":"","reference_type":"","scores":[],"url":"http://sourceforge.net/projects/libpng/files/libpng14/1.4.18/"},{"reference_url":"http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/","reference_id":"","reference_type":"","scores":[],"url":"http://sourceforge.net/projects/libpng/files/libpng15/1.5.25/"},{"reference_url":"http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/","reference_id":"","reference_type":"","scores":[],"url":"http://sourceforge.net/projects/libpng/files/libpng16/1.6.20/"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206167"},{"reference_url":"http://www.debian.org/security/2016/dsa-3443","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3443"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/12/03/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/12/03/6"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://www.securityfocus.com/bid/78624","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/78624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1281756","reference_id":"1281756","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1281756"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112","reference_id":"807112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807112"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.36:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.40:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.43:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.48:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.49:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8472","reference_id":"CVE-2015-8472","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2594","reference_id":"RHSA-2015:2594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2595","reference_id":"RHSA-2015:2595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2596","reference_id":"RHSA-2015:2596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0055","reference_id":"RHSA-2016:0055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0056","reference_id":"RHSA-2016:0056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0057","reference_id":"RHSA-2016:0057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0098","reference_id":"RHSA-2016:0098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0099","reference_id":"RHSA-2016:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0100","reference_id":"RHSA-2016:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0101","reference_id":"RHSA-2016:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"reference_url":"https://usn.ubuntu.com/2861-1/","reference_id":"USN-2861-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2861-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928253?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.20-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.20-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8472"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9d14-kqac-nbbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63979?format=json","vulnerability_id":"VCID-dm7h-c7wt-1kbs","summary":"libpng: libpng: Arbitrary code execution due to use-after-free vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33416","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11022","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10934","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10979","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.11977","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12063","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13064","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12775","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12874","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12919","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12954","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12943","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12864","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15898","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012","reference_id":"1132012","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012"},{"reference_url":"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb","reference_id":"23019269764e35ed8458e517f1897bd3c54820eb","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805","reference_id":"2451805","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805"},{"reference_url":"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667","reference_id":"7ea9eea884a2328cc7fdcb3c0c00246a50d90667","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"},{"reference_url":"https://github.com/pnggroup/libpng/pull/824","reference_id":"824","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/pull/824"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25","reference_id":"a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"},{"reference_url":"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1","reference_id":"c1b0318b393c90679e6fa5bc1d329fd5d5012ec1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j","reference_id":"GHSA-m4pc-p4q3-4c7j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928272?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928271?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928273?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33416"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10277?format=json","vulnerability_id":"VCID-fx8t-41tv-hkdu","summary":"Use After Free\npng_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"},{"reference_url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7317","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68494","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.6847","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68458","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68426","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68464","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68477","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68504","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.6851","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68516","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.6836","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68381","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.684","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68427","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68444","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7317"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/glennrp/libpng/issues/275","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/glennrp/libpng/issues/275"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/30","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/30"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/36","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/36"},{"reference_url":"https://seclists.org/bugtraq/2019/May/56","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/56"},{"reference_url":"https://seclists.org/bugtraq/2019/May/59","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/59"},{"reference_url":"https://seclists.org/bugtraq/2019/May/67","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/67"},{"reference_url":"https://security.gentoo.org/glsa/201908-02","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-02"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190719-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190719-0005/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4435","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4435"},{"reference_url":"https://www.debian.org/security/2019/dsa-4448","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4448"},{"reference_url":"https://www.debian.org/security/2019/dsa-4451","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4451"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.securityfocus.com/bid/108098","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/108098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672409","reference_id":"1672409","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672409"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355","reference_id":"921355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355"},{"reference_url":"https://security.archlinux.org/ASA-201904-10","reference_id":"ASA-201904-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-10"},{"reference_url":"https://security.archlinux.org/ASA-201905-8","reference_id":"ASA-201905-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-8"},{"reference_url":"https://security.archlinux.org/ASA-201905-9","reference_id":"ASA-201905-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201905-9"},{"reference_url":"https://security.archlinux.org/AVG-868","reference_id":"AVG-868","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-868"},{"reference_url":"https://security.archlinux.org/AVG-965","reference_id":"AVG-965","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-965"},{"reference_url":"https://security.archlinux.org/AVG-966","reference_id":"AVG-966","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-966"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hpe:xp7_command_view_advanced_edition_suite:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*","reference_id":"cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:xp7_command_view:*:*:*:*:advanced:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:vmware_vsphere:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:9.6:*:*:*:*:windows:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vcenter:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_storage_manager:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_unified_manager:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*","reference_id":"cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:oracle:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:3.4.2:p1:*:*:*:sap:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:oracle:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*","reference_id":"cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:snapmanager:*:*:*:*:*:sap:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:package_hub:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:7u221:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:java_se:8u212:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:12.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7317","reference_id":"CVE-2019-7317","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-7317"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13","reference_id":"mfsa2019-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14","reference_id":"mfsa2019-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15","reference_id":"mfsa2019-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1265","reference_id":"RHSA-2019:1265","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1267","reference_id":"RHSA-2019:1267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1269","reference_id":"RHSA-2019:1269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1269"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1308","reference_id":"RHSA-2019:1308","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1308"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1309","reference_id":"RHSA-2019:1309","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1310","reference_id":"RHSA-2019:1310","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1310"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2494","reference_id":"RHSA-2019:2494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2495","reference_id":"RHSA-2019:2495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2585","reference_id":"RHSA-2019:2585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2590","reference_id":"RHSA-2019:2590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2592","reference_id":"RHSA-2019:2592","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2737","reference_id":"RHSA-2019:2737","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2737"},{"reference_url":"https://usn.ubuntu.com/3962-1/","reference_id":"USN-3962-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3962-1/"},{"reference_url":"https://usn.ubuntu.com/3991-1/","reference_id":"USN-3991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3991-1/"},{"reference_url":"https://usn.ubuntu.com/3997-1/","reference_id":"USN-3997-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3997-1/"},{"reference_url":"https://usn.ubuntu.com/4080-1/","reference_id":"USN-4080-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4080-1/"},{"reference_url":"https://usn.ubuntu.com/4083-1/","reference_id":"USN-4083-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4083-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928259?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.36-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.36-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2019-7317"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fx8t-41tv-hkdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82879?format=json","vulnerability_id":"VCID-gk2b-sstt-2fgh","summary":"libpng: memory leak of png_info struct in pngcp.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6129","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51731","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51726","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5182","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51777","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51806","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51767","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51822","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51819","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5187","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5185","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51877","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51883","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51866","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.51814","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6129"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129"},{"reference_url":"https://github.com/glennrp/libpng/issues/269","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/glennrp/libpng/issues/269"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667127","reference_id":"1667127","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1667127"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.36:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6129","reference_id":"CVE-2019-6129","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6129"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928258?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2019-6129"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gk2b-sstt-2fgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6936?format=json","vulnerability_id":"VCID-h89j-mr17-rua9","summary":"Uncontrolled Resource Consumption\nMultiple integer overflows in libpng rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7354.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7354","reference_id":"","reference_type":"","scores":[{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68571","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68457","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68542","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68555","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68582","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68587","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68592","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68438","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68452","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68502","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.6852","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68546","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00567","scoring_system":"epss","scoring_elements":"0.68533","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7354"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086516","reference_id":"1086516","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086516"},{"reference_url":"http://sourceforge.net/p/libpng/bugs/199/","reference_id":"199","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/"}],"url":"http://sourceforge.net/p/libpng/bugs/199/"},{"reference_url":"http://www.securityfocus.com/bid/67344","reference_id":"67344","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/"}],"url":"http://www.securityfocus.com/bid/67344"},{"reference_url":"http://seclists.org/oss-sec/2014/q2/83","reference_id":"83","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/"}],"url":"http://seclists.org/oss-sec/2014/q2/83"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7354","reference_id":"CVE-2013-7354","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7354"},{"reference_url":"https://security.gentoo.org/glsa/201408-06","reference_id":"GLSA-201408-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-06"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:42:44Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928248?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2013-7354"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h89j-mr17-rua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66390?format=json","vulnerability_id":"VCID-j7dk-wzkm-tfcr","summary":"libpng: LIBPNG out-of-bounds read in png_image_read_composite","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66293","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.24948","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30374","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30023","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30101","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30216","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30279","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30324","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30342","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30511","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30323","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30416","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30418","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877","reference_id":"1121877","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711","reference_id":"2418711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711"},{"reference_url":"https://github.com/pnggroup/libpng/issues/764","reference_id":"764","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/issues/764"},{"reference_url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1","reference_id":"788a624d7387a758ffd5c7ab010f1870dea753a1","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_id":"a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f","reference_id":"GHSA-9mpm-9pxh-mg4f","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2072","reference_id":"RHSA-2026:2072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2633","reference_id":"RHSA-2026:2633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2659","reference_id":"RHSA-2026:2659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2671","reference_id":"RHSA-2026:2671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2974","reference_id":"RHSA-2026:2974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3415","reference_id":"RHSA-2026:3415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3861","reference_id":"RHSA-2026:3861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4419","reference_id":"RHSA-2026:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928261?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928263?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928264?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.52-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.52-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66293"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7dk-wzkm-tfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42451?format=json","vulnerability_id":"VCID-kwag-k17x-kyaj","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64505","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01548","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01698","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02433","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07223","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07304","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07276","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219","reference_id":"1121219","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416905","reference_id":"2416905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416905"},{"reference_url":"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37","reference_id":"6a528eb5fd0dd7f6de1c39d30de0e41473431c37","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37"},{"reference_url":"https://github.com/pnggroup/libpng/pull/748","reference_id":"748","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/pull/748"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42","reference_id":"GHSA-4952-h5wq-4m42","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"},{"reference_url":"https://usn.ubuntu.com/8081-1/","reference_id":"USN-8081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8081-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928261?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928263?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928262?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64505"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwag-k17x-kyaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7047?format=json","vulnerability_id":"VCID-mxh6-rpb3-tbbq","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a \"very wide interlaced\" PNG image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9495.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9495","reference_id":"","reference_type":"","scores":[{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87524","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87534","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87547","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87549","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87568","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87575","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87586","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87582","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87579","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87593","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87592","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.8761","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87617","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87615","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03487","scoring_system":"epss","scoring_elements":"0.87628","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/10/1","reference_id":"1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/1"},{"reference_url":"http://www.securitytracker.com/id/1031444","reference_id":"1031444","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.securitytracker.com/id/1031444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179186","reference_id":"1179186","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1179186"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/04/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/04/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/01/10/3","reference_id":"3","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.openwall.com/lists/oss-security/2015/01/10/3"},{"reference_url":"http://sourceforge.net/p/png-mng/mailman/message/33172831/","reference_id":"33172831","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://sourceforge.net/p/png-mng/mailman/message/33172831/"},{"reference_url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/","reference_id":"33173461","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://sourceforge.net/p/png-mng/mailman/message/33173461/"},{"reference_url":"http://secunia.com/advisories/62725","reference_id":"62725","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://secunia.com/advisories/62725"},{"reference_url":"http://www.securityfocus.com/bid/71820","reference_id":"71820","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:14:59Z/"}],"url":"http://www.securityfocus.com/bid/71820"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823","reference_id":"773823","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773823"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824","reference_id":"773824","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773824"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9495","reference_id":"CVE-2014-9495","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9495"},{"reference_url":"https://security.gentoo.org/glsa/201502-10","reference_id":"GLSA-201502-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928252?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.16-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.16-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2014-9495"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxh6-rpb3-tbbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42453?format=json","vulnerability_id":"VCID-n4kj-urjq-2uav","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64720","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16669","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23163","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27831","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27824","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28025","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27924","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643","reference_id":"08da33b4c88cfcd36e5a706558a8d7e0e4773643","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217","reference_id":"1121217","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416904","reference_id":"2416904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416904"},{"reference_url":"https://github.com/pnggroup/libpng/issues/686","reference_id":"686","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/issues/686"},{"reference_url":"https://github.com/pnggroup/libpng/pull/751","reference_id":"751","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/pull/751"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww","reference_id":"GHSA-hfc7-ph9c-wcww","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0251","reference_id":"RHSA-2026:0251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0251"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928261?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928263?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928262?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64720"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kj-urjq-2uav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6907?format=json","vulnerability_id":"VCID-nhbw-6tpy-pbh3","summary":"Uncontrolled Resource Consumption\nThe png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0333","reference_id":"","reference_type":"","scores":[{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73361","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73371","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73395","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.7344","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.7342","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73412","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73454","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73462","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73456","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73489","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73501","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73499","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73492","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1070985","reference_id":"1070985","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1070985"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0333","reference_id":"CVE-2014-0333","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0333"},{"reference_url":"https://security.gentoo.org/glsa/201408-06","reference_id":"GLSA-201408-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928248?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0333"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhbw-6tpy-pbh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42452?format=json","vulnerability_id":"VCID-p6b5-1ba6-b3f8","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64506","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.044","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04364","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04344","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04685","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05715","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07223","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07304","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07276","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218","reference_id":"1121218","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416906","reference_id":"2416906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416906"},{"reference_url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821","reference_id":"2bd84c019c300b78e811743fbcddb67c9d9bf821","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"},{"reference_url":"https://github.com/pnggroup/libpng/pull/749","reference_id":"749","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/pull/749"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6","reference_id":"GHSA-qpr4-xm66-hww6","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928261?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928263?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928262?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-64506"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6b5-1ba6-b3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63978?format=json","vulnerability_id":"VCID-ptgq-884e-mkft","summary":"libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33636","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09508","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09521","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09569","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0954","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15193","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15197","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16608","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16475","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013","reference_id":"1132013","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451819","reference_id":"2451819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451819"},{"reference_url":"https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869","reference_id":"7734cda20cf1236aef60f3bbd2267c97bbb40869","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"},{"reference_url":"https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3","reference_id":"aba9f18eba870d14fb52c5ba5d73451349e339c3","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2","reference_id":"GHSA-wjr5-c57x-95m2","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13412","reference_id":"RHSA-2026:13412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13533","reference_id":"RHSA-2026:13533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13582","reference_id":"RHSA-2026:13582","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13582"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13583","reference_id":"RHSA-2026:13583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13583"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13596","reference_id":"RHSA-2026:13596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13600","reference_id":"RHSA-2026:13600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13665","reference_id":"RHSA-2026:13665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13682","reference_id":"RHSA-2026:13682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13682"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13683","reference_id":"RHSA-2026:13683","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13683"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928272?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928271?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928273?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33636"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9572?format=json","vulnerability_id":"VCID-q3qv-kycc-eqfw","summary":"Divide By Zero\nIn libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13785","reference_id":"","reference_type":"","scores":[{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86397","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86374","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86384","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86396","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.8639","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86407","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86412","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86405","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02919","scoring_system":"epss","scoring_elements":"0.86434","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86498","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86508","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86527","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02997","scoring_system":"epss","scoring_elements":"0.86526","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.88014","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03717","scoring_system":"epss","scoring_elements":"0.88025","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181018-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181018-0001/"},{"reference_url":"https://sourceforge.net/p/libpng/bugs/278/","reference_id":"","reference_type":"","scores":[],"url":"https://sourceforge.net/p/libpng/bugs/278/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/105599","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105599"},{"reference_url":"http://www.securitytracker.com/id/1041889","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041889"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599943","reference_id":"1599943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1599943"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430","reference_id":"903430","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903430"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13785","reference_id":"CVE-2018-13785","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-13785"},{"reference_url":"https://security.gentoo.org/glsa/201908-10","reference_id":"GLSA-201908-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3000","reference_id":"RHSA-2018:3000","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3000"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3001","reference_id":"RHSA-2018:3001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3002","reference_id":"RHSA-2018:3002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3003","reference_id":"RHSA-2018:3003","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3003"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3007","reference_id":"RHSA-2018:3007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3008","reference_id":"RHSA-2018:3008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3533","reference_id":"RHSA-2018:3533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3534","reference_id":"RHSA-2018:3534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3534"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3671","reference_id":"RHSA-2018:3671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3672","reference_id":"RHSA-2018:3672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3779","reference_id":"RHSA-2018:3779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3852","reference_id":"RHSA-2018:3852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3852"},{"reference_url":"https://usn.ubuntu.com/3712-1/","reference_id":"USN-3712-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3712-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928256?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.34-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.34-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2018-13785"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3qv-kycc-eqfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65170?format=json","vulnerability_id":"VCID-rm7f-ybuf-dyfq","summary":"libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22695","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08627","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08594","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08673","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08535","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08689","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08702","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08655","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08657","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08597","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08671","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443","reference_id":"1125443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443"},{"reference_url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_id":"218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428825","reference_id":"2428825","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428825"},{"reference_url":"https://github.com/pnggroup/libpng/issues/778","reference_id":"778","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/issues/778"},{"reference_url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2","reference_id":"e4f7ad4ea2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp","reference_id":"GHSA-mmq5-27w3-rxpp","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928266?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928265?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928268?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928267?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.54-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.54-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22695"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7f-ybuf-dyfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6937?format=json","vulnerability_id":"VCID-una1-4acn-s3dy","summary":"Heap-based Buffer Overflow\nInteger overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7353.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7353.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7353","reference_id":"","reference_type":"","scores":[{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61453","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61428","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61521","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61505","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.6149","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61507","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61502","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61351","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61456","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61427","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61474","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61489","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.6151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61497","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61477","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61517","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7353"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086514","reference_id":"1086514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086514"},{"reference_url":"http://sourceforge.net/p/libpng/bugs/199/","reference_id":"199","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/"}],"url":"http://sourceforge.net/p/libpng/bugs/199/"},{"reference_url":"http://www.securityfocus.com/bid/67345","reference_id":"67345","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/"}],"url":"http://www.securityfocus.com/bid/67345"},{"reference_url":"http://seclists.org/oss-sec/2014/q2/83","reference_id":"83","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/"}],"url":"http://seclists.org/oss-sec/2014/q2/83"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7353","reference_id":"CVE-2013-7353","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7353"},{"reference_url":"https://security.gentoo.org/glsa/201408-06","reference_id":"GLSA-201408-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-06"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:37:00Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928248?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2013-7353"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-una1-4acn-s3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64864?format=json","vulnerability_id":"VCID-uxj6-4181-rygt","summary":"libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28164","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04659","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04684","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04513","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04503","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04489","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04471","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0444","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433398","reference_id":"2433398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433398"},{"reference_url":"https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20","reference_id":"506516f8c22178005b4379c8b2a7de20","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/"}],"url":"https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20"},{"reference_url":"https://github.com/pnggroup/libpng/issues/655","reference_id":"655","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/"}],"url":"https://github.com/pnggroup/libpng/issues/655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7993-1/","reference_id":"USN-7993-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7993-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928260?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.47-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.47-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-28164"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxj6-4181-rygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64865?format=json","vulnerability_id":"VCID-uxqz-nx2v-6yc5","summary":"libpng: libpng: Denial of Service via buffer overflow in pngimage utility","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28162","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04682","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04659","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04684","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04513","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04503","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04489","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04471","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0444","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433407","reference_id":"2433407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433407"},{"reference_url":"https://github.com/pnggroup/libpng/issues/656","reference_id":"656","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/"}],"url":"https://github.com/pnggroup/libpng/issues/656"},{"reference_url":"https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60","reference_id":"fbfdb9b5610c6b3db0d5dea045a07c60","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/"}],"url":"https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7993-1/","reference_id":"USN-7993-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7993-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928260?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.47-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.47-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2025-28162"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxqz-nx2v-6yc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64639?format=json","vulnerability_id":"VCID-xyhj-84d1-dqh3","summary":"libpng: LIBPNG has a heap buffer overflow in png_set_quantize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25646","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23085","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23042","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23035","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23475","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2376","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23645","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23599","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26176","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_id":"01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566","reference_id":"1127566","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542","reference_id":"2438542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3","reference_id":"GHSA-g8hp-mq4h-rqm3","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3031","reference_id":"RHSA-2026:3031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3968","reference_id":"RHSA-2026:3968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3969","reference_id":"RHSA-2026:3969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4221","reference_id":"RHSA-2026:4221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4222","reference_id":"RHSA-2026:4222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4756","reference_id":"RHSA-2026:4756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6439","reference_id":"RHSA-2026:6439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6445","reference_id":"RHSA-2026:6445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6466","reference_id":"RHSA-2026:6466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6467","reference_id":"RHSA-2026:6467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6468","reference_id":"RHSA-2026:6468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6469","reference_id":"RHSA-2026:6469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6553","reference_id":"RHSA-2026:6553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7032","reference_id":"RHSA-2026:7032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7033","reference_id":"RHSA-2026:7033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7034","reference_id":"RHSA-2026:7034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7035","reference_id":"RHSA-2026:7035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7036","reference_id":"RHSA-2026:7036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7239","reference_id":"RHSA-2026:7239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7243","reference_id":"RHSA-2026:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"},{"reference_url":"https://usn.ubuntu.com/8039-1/","reference_id":"USN-8039-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8039-1/"},{"reference_url":"https://usn.ubuntu.com/8081-1/","reference_id":"USN-8081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8081-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928266?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928269?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928270?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.55-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.55-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2026-25646"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyhj-84d1-dqh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7800?format=json","vulnerability_id":"VCID-zetn-zwnv-u7gf","summary":"NULL Pointer Dereference\nThe png_set_text_2 function in libpng  allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10087","reference_id":"","reference_type":"","scores":[{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.75969","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76124","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76094","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76104","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76115","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.75972","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76004","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.75983","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76016","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76031","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76056","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76032","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76027","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76067","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76071","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76055","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409617","reference_id":"1409617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409617"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799","reference_id":"849799","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799"},{"reference_url":"https://security.archlinux.org/ASA-201701-2","reference_id":"ASA-201701-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-2"},{"reference_url":"https://security.archlinux.org/ASA-201701-5","reference_id":"ASA-201701-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-5"},{"reference_url":"https://security.archlinux.org/AVG-119","reference_id":"AVG-119","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-119"},{"reference_url":"https://security.archlinux.org/AVG-120","reference_id":"AVG-120","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-120"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10087","reference_id":"CVE-2016-10087","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-10087"},{"reference_url":"https://security.gentoo.org/glsa/201701-74","reference_id":"GLSA-201701-74","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-74"},{"reference_url":"https://usn.ubuntu.com/3712-1/","reference_id":"USN-3712-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3712-1/"},{"reference_url":"https://usn.ubuntu.com/3712-2/","reference_id":"USN-3712-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3712-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/928254?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.27-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.27-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928249?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gk2b-sstt-2fgh"},{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928247?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uxj6-4181-rygt"},{"vulnerability":"VCID-uxqz-nx2v-6yc5"},{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928251?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/928250?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.56-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zmjn-418h-ebg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1063050?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.57-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067572?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10087"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zetn-zwnv-u7gf"}],"risk_score":"2.3","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u3%3Fdistro=trixie"}