{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37642?format=json","vulnerability_id":"VCID-8dc9-x82x-2yg1","summary":"Uncontrolled Resource Consumption\nThe png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.","aliases":[{"alias":"CVE-2014-0333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103140?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.10-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.10-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103141?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.37-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5q66-zeyz-rfdb"},{"vulnerability":"VCID-5rgq-xe5s-kkfc"},{"vulnerability":"VCID-gk3z-6dp9-73cd"},{"vulnerability":"VCID-gtdx-fb61-ykbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.37-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103139?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5q66-zeyz-rfdb"},{"vulnerability":"VCID-gtdx-fb61-ykbv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103143?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103142?format=json","purl":"pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/191802?format=json","purl":"pkg:ebuild/media-libs/libpng@1.6.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.6.10"},{"url":"http://public2.vulnerablecode.io/api/packages/51199?format=json","purl":"pkg:nuget/libpng@1.6.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fmt1-496f-9qf3"},{"vulnerability":"VCID-y21n-ekwz-ayep"},{"vulnerability":"VCID-yk3y-m6rn-ukbd"},{"vulnerability":"VCID-z7uy-uene-gkb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/191801?format=json","purl":"pkg:ebuild/media-libs/libpng@1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8dc9-x82x-2yg1"},{"vulnerability":"VCID-9whv-nakg-7uep"},{"vulnerability":"VCID-yfe1-js79-y3hv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51701?format=json","purl":"pkg:nuget/libpng@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-54s1-pkq4-aqhu"},{"vulnerability":"VCID-88fw-cmaz-vfbb"},{"vulnerability":"VCID-8dc9-x82x-2yg1"},{"vulnerability":"VCID-a899-g3pw-aqfj"},{"vulnerability":"VCID-vd75-tvxc-9bah"},{"vulnerability":"VCID-y21n-ekwz-ayep"},{"vulnerability":"VCID-z7uy-uene-gkb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/51769?format=json","purl":"pkg:nuget/libpng@1.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8dc9-x82x-2yg1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.9"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0333","reference_id":"","reference_type":"","scores":[{"value":"0.00764","scoring_system":"epss","scoring_elements":"0.73778","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1070985","reference_id":"1070985","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1070985"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0333","reference_id":"CVE-2014-0333","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0333"},{"reference_url":"https://security.gentoo.org/glsa/201408-06","reference_id":"GLSA-201408-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-06"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8dc9-x82x-2yg1"}