VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-p4dn-78nk-zkc5

Essentials
Severities (63)
References (56)
Severity details (50)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-p4dn-78nk-zkc5
Aliases	CVE-2013-6954
Summary	The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	6.5	http://advisories.mageia.org/MGASA-2014-0075.html
ssvc	Track	http://advisories.mageia.org/MGASA-2014-0075.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html
cvssv3.1	6.5	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html
ssvc	Track	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html
cvssv3.1	6.5	http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html
ssvc	Track	http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html
cvssv3.1	6.5	http://marc.info/?l=bugtraq&m=140852886808946&w=2
ssvc	Track	http://marc.info/?l=bugtraq&m=140852886808946&w=2
cvssv3.1	6.5	http://marc.info/?l=bugtraq&m=140852974709252&w=2
ssvc	Track	http://marc.info/?l=bugtraq&m=140852974709252&w=2
cvssv3.1	6.5	https://access.redhat.com/errata/RHSA-2014:0413
ssvc	Track	https://access.redhat.com/errata/RHSA-2014:0413
cvssv3.1	6.5	https://access.redhat.com/errata/RHSA-2014:0414
ssvc	Track	https://access.redhat.com/errata/RHSA-2014:0414
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
epss	0.03546	https://api.first.org/data/v1/epss?cve=CVE-2013-6954
cvssv3.1	6.5	https://bugzilla.redhat.com/show_bug.cgi?id=1045561
ssvc	Track	https://bugzilla.redhat.com/show_bug.cgi?id=1045561
cvssv3.1	6.5	http://secunia.com/advisories/58974
ssvc	Track	http://secunia.com/advisories/58974
cvssv3.1	6.5	http://secunia.com/advisories/59058
ssvc	Track	http://secunia.com/advisories/59058
cvssv3.1	6.5	http://security.gentoo.org/glsa/glsa-201406-32.xml
ssvc	Track	http://security.gentoo.org/glsa/glsa-201406-32.xml
cvssv3.1	6.5	http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c
ssvc	Track	http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c
cvssv3.1	6.5	http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/
ssvc	Track	http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/
cvssv3.1	6.5	https://www.ibm.com/support/docview.wss?uid=swg21675973
ssvc	Track	https://www.ibm.com/support/docview.wss?uid=swg21675973
cvssv3.1	6.5	http://www-01.ibm.com/support/docview.wss?uid=swg21672080
ssvc	Track	http://www-01.ibm.com/support/docview.wss?uid=swg21672080
cvssv3.1	6.5	http://www-01.ibm.com/support/docview.wss?uid=swg21676746
ssvc	Track	http://www-01.ibm.com/support/docview.wss?uid=swg21676746
cvssv3.1	6.5	http://www.kb.cert.org/vuls/id/650142
ssvc	Track	http://www.kb.cert.org/vuls/id/650142
cvssv3.1	6.5	http://www.libpng.org/pub/png/libpng.html
ssvc	Track	http://www.libpng.org/pub/png/libpng.html
cvssv3.1	6.5	http://www.mandriva.com/security/advisories?name=MDVSA-2014:035
ssvc	Track	http://www.mandriva.com/security/advisories?name=MDVSA-2014:035
cvssv3.1	6.5	http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
ssvc	Track	http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
cvssv3.1	6.5	http://www.securityfocus.com/bid/64493
ssvc	Track	http://www.securityfocus.com/bid/64493

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6954.json
		https://api.first.org/data/v1/epss?cve=CVE-2013-6954
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427
127947.html		http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html
127952.html		http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html
128098.html		http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html
128099.html		http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html
128114.html		http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html
1.6.8		http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/
1faa6ff32c648acfe3cf30a58d31d7aebc24968c		http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c
58974		http://secunia.com/advisories/58974
59058		http://secunia.com/advisories/59058
64493		http://www.securityfocus.com/bid/64493
650142		http://www.kb.cert.org/vuls/id/650142
advisories?name=MDVSA-2014:035		http://www.mandriva.com/security/advisories?name=MDVSA-2014:035
cpuapr2014-1972952.html		http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2013-6954		https://nvd.nist.gov/vuln/detail/CVE-2013-6954
docview.wss?uid=swg21672080		http://www-01.ibm.com/support/docview.wss?uid=swg21672080
docview.wss?uid=swg21675973		https://www.ibm.com/support/docview.wss?uid=swg21675973
docview.wss?uid=swg21676746		http://www-01.ibm.com/support/docview.wss?uid=swg21676746
?l=bugtraq&m=140852886808946&w=2		http://marc.info/?l=bugtraq&m=140852886808946&w=2
?l=bugtraq&m=140852974709252&w=2		http://marc.info/?l=bugtraq&m=140852974709252&w=2
libpng.html		http://www.libpng.org/pub/png/libpng.html
MGASA-2014-0075.html		http://advisories.mageia.org/MGASA-2014-0075.html
msg00071.html		http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html
RHSA-2014:0412		https://access.redhat.com/errata/RHSA-2014:0412
RHSA-2014:0413		https://access.redhat.com/errata/RHSA-2014:0413
RHSA-2014:0486		https://access.redhat.com/errata/RHSA-2014:0486
RHSA-2014:0508		https://access.redhat.com/errata/RHSA-2014:0508
RHSA-2014:0705		https://access.redhat.com/errata/RHSA-2014:0705
RHSA-2014:0982		https://access.redhat.com/errata/RHSA-2014:0982
show_bug.cgi?id=1045561		https://bugzilla.redhat.com/show_bug.cgi?id=1045561

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://advisories.mageia.org/MGASA-2014-0075.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://advisories.mageia.org/MGASA-2014-0075.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127947.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127952.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128098.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128099.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128114.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://lists.opensuse.org/opensuse-updates/2014-01/msg00071.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://marc.info/?l=bugtraq&m=140852886808946&w=2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://marc.info/?l=bugtraq&m=140852886808946&w=2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://marc.info/?l=bugtraq&m=140852974709252&w=2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://marc.info/?l=bugtraq&m=140852974709252&w=2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2014:0413

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at https://access.redhat.com/errata/RHSA-2014:0413

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2014:0414

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at https://access.redhat.com/errata/RHSA-2014:0414

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1045561

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=1045561

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://secunia.com/advisories/58974

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://secunia.com/advisories/58974

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://secunia.com/advisories/59058

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://secunia.com/advisories/59058

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://security.gentoo.org/glsa/glsa-201406-32.xml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://security.gentoo.org/glsa/glsa-201406-32.xml

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://sourceforge.net/p/libpng/code/ci/1faa6ff32c648acfe3cf30a58d31d7aebc24968c

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://sourceforge.net/projects/libpng/files/libpng16/1.6.8/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.ibm.com/support/docview.wss?uid=swg21675973

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at https://www.ibm.com/support/docview.wss?uid=swg21675973

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www-01.ibm.com/support/docview.wss?uid=swg21672080

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://www-01.ibm.com/support/docview.wss?uid=swg21672080

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www-01.ibm.com/support/docview.wss?uid=swg21676746

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://www-01.ibm.com/support/docview.wss?uid=swg21676746

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.kb.cert.org/vuls/id/650142

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://www.kb.cert.org/vuls/id/650142

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.libpng.org/pub/png/libpng.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://www.libpng.org/pub/png/libpng.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.mandriva.com/security/advisories?name=MDVSA-2014:035

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://www.mandriva.com/security/advisories?name=MDVSA-2014:035

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://www.securityfocus.com/bid/64493

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:40:28Z/ Found at http://www.securityfocus.com/bid/64493

Exploit Prediction Scoring System (EPSS)

Percentile	0.87246
EPSS Score	0.03546
Published At	Aug. 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:17:41.839158+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2013/6xxx/CVE-2013-6954.json	37.0.0