{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3713", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-07T10:52:23.533Z", "datePublished": "2026-03-08T06:02:11.204Z", "dateUpdated": "2026-03-11T13:43:22.092Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-08T06:02:11.204Z"}, "title": "pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "pnggroup", "product": "libpng", "versions": [{"version": "1.6.0", "status": "affected"}, {"version": "1.6.1", "status": "affected"}, {"version": "1.6.2", "status": "affected"}, {"version": "1.6.3", "status": "affected"}, {"version": "1.6.4", "status": "affected"}, {"version": "1.6.5", "status": "affected"}, {"version": "1.6.6", "status": "affected"}, {"version": "1.6.7", "status": "affected"}, {"version": "1.6.8", "status": "affected"}, {"version": "1.6.9", "status": "affected"}, {"version": "1.6.10", "status": "affected"}, {"version": "1.6.11", "status": "affected"}, {"version": "1.6.12", "status": "affected"}, {"version": "1.6.13", "status": "affected"}, {"version": "1.6.14", "status": "affected"}, {"version": "1.6.15", "status": "affected"}, {"version": "1.6.16", "status": "affected"}, {"version": "1.6.17", "status": "affected"}, {"version": "1.6.18", "status": "affected"}, {"version": "1.6.19", "status": "affected"}, {"version": "1.6.20", "status": "affected"}, {"version": "1.6.21", "status": "affected"}, {"version": "1.6.22", "status": "affected"}, {"version": "1.6.23", "status": "affected"}, {"version": "1.6.24", "status": "affected"}, {"version": "1.6.25", "status": "affected"}, {"version": "1.6.26", "status": "affected"}, {"version": "1.6.27", "status": "affected"}, {"version": "1.6.28", "status": "affected"}, {"version": "1.6.29", "status": "affected"}, {"version": "1.6.30", "status": "affected"}, {"version": "1.6.31", "status": "affected"}, {"version": "1.6.32", "status": "affected"}, {"version": "1.6.33", "status": "affected"}, {"version": "1.6.34", "status": "affected"}, {"version": "1.6.35", "status": "affected"}, {"version": "1.6.36", "status": "affected"}, {"version": "1.6.37", "status": "affected"}, {"version": "1.6.38", "status": "affected"}, {"version": "1.6.39", "status": "affected"}, {"version": "1.6.40", "status": "affected"}, {"version": "1.6.41", "status": "affected"}, {"version": "1.6.42", "status": "affected"}, {"version": "1.6.43", "status": "affected"}, {"version": "1.6.44", "status": "affected"}, {"version": "1.6.45", "status": "affected"}, {"version": "1.6.46", "status": "affected"}, {"version": "1.6.47", "status": "affected"}, {"version": "1.6.48", "status": "affected"}, {"version": "1.6.49", "status": "affected"}, {"version": "1.6.50", "status": "affected"}, {"version": "1.6.51", "status": "affected"}, {"version": "1.6.52", "status": "affected"}, {"version": "1.6.53", "status": "affected"}, {"version": "1.6.54", "status": "affected"}, {"version": "1.6.55", "status": "affected"}], "cpes": ["cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*"], "modules": ["pnm2png"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2026-03-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-07T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-07T11:57:28.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "biniam (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.349658", "name": "VDB-349658 | pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349658", "name": "VDB-349658 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.761996", "name": "Submit #761996 | libpng pnm2png 1.8.0 Integer Overflow to Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/pnggroup/libpng/issues/794", "tags": ["issue-tracking"]}, {"url": "https://github.com/biniamf/pocs/tree/main/pnm2png", "tags": ["exploit"]}, {"url": "https://github.com/pnggroup/libpng/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T13:42:50.906724Z", "id": "CVE-2026-3713", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T13:43:22.092Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3713", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T13:42:50.906724Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T13:43:06.161Z"}}], "cna": {"tags": ["x_open-source"], "title": "pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "biniam (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*"], "vendor": "pnggroup", "modules": ["pnm2png"], "product": "libpng", "versions": [{"status": "affected", "version": "1.6.0"}, {"status": "affected", "version": "1.6.1"}, {"status": "affected", "version": "1.6.2"}, {"status": "affected", "version": "1.6.3"}, {"status": "affected", "version": "1.6.4"}, {"status": "affected", "version": "1.6.5"}, {"status": "affected", "version": "1.6.6"}, {"status": "affected", "version": "1.6.7"}, {"status": "affected", "version": "1.6.8"}, {"status": "affected", "version": "1.6.9"}, {"status": "affected", "version": "1.6.10"}, {"status": "affected", "version": "1.6.11"}, {"status": "affected", "version": "1.6.12"}, {"status": "affected", "version": "1.6.13"}, {"status": "affected", "version": "1.6.14"}, {"status": "affected", "version": "1.6.15"}, {"status": "affected", "version": "1.6.16"}, {"status": "affected", "version": "1.6.17"}, {"status": "affected", "version": "1.6.18"}, {"status": "affected", "version": "1.6.19"}, {"status": "affected", "version": "1.6.20"}, {"status": "affected", "version": "1.6.21"}, {"status": "affected", "version": "1.6.22"}, {"status": "affected", "version": "1.6.23"}, {"status": "affected", "version": "1.6.24"}, {"status": "affected", "version": "1.6.25"}, {"status": "affected", "version": "1.6.26"}, {"status": "affected", "version": "1.6.27"}, {"status": "affected", "version": "1.6.28"}, {"status": "affected", "version": "1.6.29"}, {"status": "affected", "version": "1.6.30"}, {"status": "affected", "version": "1.6.31"}, {"status": "affected", "version": "1.6.32"}, {"status": "affected", "version": "1.6.33"}, {"status": "affected", "version": "1.6.34"}, {"status": "affected", "version": "1.6.35"}, {"status": "affected", "version": "1.6.36"}, {"status": "affected", "version": "1.6.37"}, {"status": "affected", "version": "1.6.38"}, {"status": "affected", "version": "1.6.39"}, {"status": "affected", "version": "1.6.40"}, {"status": "affected", "version": "1.6.41"}, {"status": "affected", "version": "1.6.42"}, {"status": "affected", "version": "1.6.43"}, {"status": "affected", "version": "1.6.44"}, {"status": "affected", "version": "1.6.45"}, {"status": "affected", "version": "1.6.46"}, {"status": "affected", "version": "1.6.47"}, {"status": "affected", "version": "1.6.48"}, {"status": "affected", "version": "1.6.49"}, {"status": "affected", "version": "1.6.50"}, {"status": "affected", "version": "1.6.51"}, {"status": "affected", "version": "1.6.52"}, {"status": "affected", "version": "1.6.53"}, {"status": "affected", "version": "1.6.54"}, {"status": "affected", "version": "1.6.55"}]}], "timeline": [{"lang": "en", "time": "2026-03-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-07T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-07T11:57:28.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.349658", "name": "VDB-349658 | pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349658", "name": "VDB-349658 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.761996", "name": "Submit #761996 | libpng pnm2png 1.8.0 Integer Overflow to Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/pnggroup/libpng/issues/794", "tags": ["issue-tracking"]}, {"url": "https://github.com/biniamf/pocs/tree/main/pnm2png", "tags": ["exploit"]}, {"url": "https://github.com/pnggroup/libpng/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-08T06:02:11.204Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3713", "state": "PUBLISHED", "dateUpdated": "2026-03-11T13:43:22.092Z", "dateReserved": "2026-03-07T10:52:23.533Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-08T06:02:11.204Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-3713", "lastModified": "2026-03-09T13:35:07.393", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-08T06:16:11.460", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/biniamf/pocs/tree/main/pnm2png"}, {"source": "cna@vuldb.com", "url": "https://github.com/pnggroup/libpng/"}, {"source": "cna@vuldb.com", "url": "https://github.com/pnggroup/libpng/issues/794"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.349658"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.349658"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.761996"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "libpng: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service", "id": "2445566", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445566"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-131", "details": ["A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.", "A flaw was found in libpng. A local attacker could exploit this vulnerability by manipulating the width/height arguments in the `do_pnm2png` function of the `pnm2png` component. This manipulation causes a heap-based buffer overflow, which could lead to information disclosure and denial of service (DoS)."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, avoid processing untrusted image data with the `pnm2png` utility. Restrict execution of `pnm2png` to trusted users and ensure that only trusted image files are processed."}, "name": "CVE-2026-3713", "package_state": [{"cpe": "cpe:/a:redhat:openjdk_els:11", "fix_state": "Fix deferred", "package_name": "java-11-openjdk", "product_name": "Red Hat build of OpenJDK 11 ELS"}, {"cpe": "cpe:/a:redhat:openjdk_els:11", "fix_state": "Fix deferred", "package_name": "java-11-openjdk-portable", "product_name": "Red Hat build of OpenJDK 11 ELS"}, {"cpe": "cpe:/a:redhat:openjdk:17", "fix_state": "Fix deferred", "package_name": "java-17-openjdk-portable", "product_name": "Red Hat build of OpenJDK 17"}, {"cpe": "cpe:/a:redhat:openjdk:1.8", "fix_state": "Fix deferred", "package_name": "java-1.8.0-openjdk-portable", "product_name": "Red Hat build of OpenJDK 1.8"}, {"cpe": "cpe:/a:redhat:openjdk:21", "fix_state": "Fix deferred", "package_name": "java-21-openjdk-portable", "product_name": "Red Hat build of OpenJDK 21"}, {"cpe": "cpe:/a:redhat:openjdk:25", "fix_state": "Fix deferred", "package_name": "java-25-openjdk-portable", "product_name": "Red Hat build of OpenJDK 25"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "java-21-openjdk", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "java-25-openjdk", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Under investigation", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "libpng12", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "java-17-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "java-1.8.0-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "java-21-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "libpng12", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "libpng15", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "mingw-libpng", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "java-17-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "java-1.8.0-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "java-21-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "java-25-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "libpng15", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-03-08T06:02:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3713\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3713\nhttps://github.com/biniamf/pocs/tree/main/pnm2png\nhttps://github.com/pnggroup/libpng/\nhttps://github.com/pnggroup/libpng/issues/794\nhttps://vuldb.com/?ctiid.349658\nhttps://vuldb.com/?id.349658\nhttps://vuldb.com/?submit.761996"], "statement": "This MODERATE impact heap-based buffer overflow in the `pnm2png` utility of libpng requires local execution to exploit. Red Hat products are affected if they process untrusted image data using the `pnm2png` utility.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.18"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.19"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.20"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.21"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.22"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.23"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.24"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.25"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.26"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.27"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.28"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.29"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.30"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.31"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.32"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.33"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.34"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.35"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.36"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.37"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.38"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.39"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.40"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.41"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.42"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.43"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.44"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.45"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.46"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.47"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.48"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.49"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.50"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.51"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.52"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.53"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.54"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.6.55"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libpng", "source": "cna", "vendor": "pnggroup"}, "product": "libpng", "vendor": "libpng"}], "created": "2026-03-09T10:03:29.802495+00:00", "updated": "2026-03-09T10:03:29.802673+00:00", "vendors": ["libpng", "libpng$PRODUCT$libpng"]}