{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java SE version 7u191",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "JRockit version R28.3.19",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 6u201",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 8u182",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 11",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE Embedded version 8u181",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3209"
    },
    {
      "name": "CVE-2018-13785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13785"
    },
    {
      "name": "CVE-2018-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
    },
    {
      "name": "CVE-2018-3211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3211"
    },
    {
      "name": "CVE-2018-3149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3149"
    },
    {
      "name": "CVE-2018-3150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3150"
    },
    {
      "name": "CVE-2018-3180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
    },
    {
      "name": "CVE-2018-3214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3214"
    },
    {
      "name": "CVE-2018-3136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3136"
    },
    {
      "name": "CVE-2018-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3169"
    },
    {
      "name": "CVE-2018-3157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3157"
    },
    {
      "name": "CVE-2018-3183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3183"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-495",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#JAVA"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Java SE version 7u191",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "JRockit version R28.3.19",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 6u201",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 8u182",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE version 11",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Java SE Embedded version 8u181",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3209"
    },
    {
      "name": "CVE-2018-13785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13785"
    },
    {
      "name": "CVE-2018-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
    },
    {
      "name": "CVE-2018-3211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3211"
    },
    {
      "name": "CVE-2018-3149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3149"
    },
    {
      "name": "CVE-2018-3150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3150"
    },
    {
      "name": "CVE-2018-3180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
    },
    {
      "name": "CVE-2018-3214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3214"
    },
    {
      "name": "CVE-2018-3136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3136"
    },
    {
      "name": "CVE-2018-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3169"
    },
    {
      "name": "CVE-2018-3157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3157"
    },
    {
      "name": "CVE-2018-3183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3183"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-495",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#JAVA"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    }
  ]
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD36A99-1431-4B6C-9C92-3D94B56B4BED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*",
              "matchCriteriaId": "9C07DBB8-760D-4A9E-B7C7-A382D650658B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*",
              "matchCriteriaId": "ED6BF214-B45C-405E-83AC-C8A084A6E4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "7D8C0DB7-6178-4D70-B460-97A49F012560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE66FC86-ADF3-4295-9C10-2A0AF16A538C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*",
              "matchCriteriaId": "BBE0F763-B860-4B30-A5E9-2FCE78F5932D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*",
              "matchCriteriaId": "C192F54C-108C-4E40-BC29-CF911C3B9EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*",
              "matchCriteriaId": "4ADC2C70-B7C4-49AC-B4CC-C5FC60903F3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32548053-521C-4D17-8791-680074D5C55E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service."
    },
    {
      "lang": "es",
      "value": "En libpng 1.6.34, un c\u00e1lculo err\u00f3neo de row_factor en la funci\u00f3n png_check_chunk_length (pngrutil.c) podr\u00eda desencadenar un desbordamiento de enteros y una divisi\u00f3n entre cero resultante al procesar un archivo PNG manipulado, lo que conducir\u00eda a una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2018-13785",
  "lastModified": "2024-11-21T03:47:58.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-09T13:29:00.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105599"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041889"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3000"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3001"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3002"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3003"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3007"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3008"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3533"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3534"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3671"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3672"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3779"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3852"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201908-10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sourceforge.net/p/libpng/bugs/278/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3712-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201908-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://sourceforge.net/p/libpng/bugs/278/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3712-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-369"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2018-13785"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-09T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.",
  "id": "GHSA-fj59-ccrm-8h5w",
  "modified": "2022-05-13T01:16:49Z",
  "published": "2022-05-13T01:16:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13785"
    },
    {
      "type": "WEB",
      "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3712-1"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/libpng/bugs/278"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20181018-0001"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201908-10"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3852"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3779"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3672"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3671"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3534"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3533"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3008"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3007"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3003"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3002"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3001"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3000"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105599"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041889"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2018-13785",
    "description": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.",
    "id": "GSD-2018-13785",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-13785.html",
      "https://access.redhat.com/errata/RHSA-2018:3852",
      "https://access.redhat.com/errata/RHSA-2018:3779",
      "https://access.redhat.com/errata/RHSA-2018:3672",
      "https://access.redhat.com/errata/RHSA-2018:3671",
      "https://access.redhat.com/errata/RHSA-2018:3534",
      "https://access.redhat.com/errata/RHSA-2018:3533",
      "https://access.redhat.com/errata/RHSA-2018:3008",
      "https://access.redhat.com/errata/RHSA-2018:3007",
      "https://access.redhat.com/errata/RHSA-2018:3003",
      "https://access.redhat.com/errata/RHSA-2018:3002",
      "https://access.redhat.com/errata/RHSA-2018:3001",
      "https://access.redhat.com/errata/RHSA-2018:3000",
      "https://ubuntu.com/security/CVE-2018-13785",
      "https://advisories.mageia.org/CVE-2018-13785.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-13785"
      ],
      "details": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.",
      "id": "GSD-2018-13785",
      "modified": "2023-12-13T01:22:26.680323Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-13785",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2018:3007",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3007"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20181018-0001/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
          },
          {
            "name": "RHSA-2018:3779",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3779"
          },
          {
            "name": "RHSA-2018:3534",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3534"
          },
          {
            "name": "RHSA-2018:3003",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3003"
          },
          {
            "name": "USN-3712-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3712-1/"
          },
          {
            "name": "RHSA-2018:3002",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3002"
          },
          {
            "name": "https://sourceforge.net/p/libpng/bugs/278/",
            "refsource": "MISC",
            "url": "https://sourceforge.net/p/libpng/bugs/278/"
          },
          {
            "name": "RHSA-2018:3671",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3671"
          },
          {
            "name": "RHSA-2018:3852",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3852"
          },
          {
            "name": "RHSA-2018:3008",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3008"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "RHSA-2018:3533",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3533"
          },
          {
            "name": "RHSA-2018:3001",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3001"
          },
          {
            "name": "RHSA-2018:3000",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3000"
          },
          {
            "name": "105599",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105599"
          },
          {
            "name": "1041889",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041889"
          },
          {
            "name": "RHSA-2018:3672",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:3672"
          },
          {
            "name": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2",
            "refsource": "MISC",
            "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2"
          },
          {
            "name": "GLSA-201908-10",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201908-10"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[1.6.34]",
          "affected_versions": "Version 1.6.34",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-369",
            "CWE-937"
          ],
          "date": "2020-09-08",
          "description": "In libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.",
          "fixed_versions": [],
          "identifier": "CVE-2018-13785",
          "identifiers": [
            "CVE-2018-13785"
          ],
          "not_impacted": "",
          "package_slug": "nuget/libpng",
          "pubdate": "2018-07-09",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Divide By Zero",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-13785"
          ],
          "uuid": "f0cd217a-caa0-4030-8d54-0851440be6e1"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libpng:libpng:1.6.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.7.0:update191:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jdk:1.6.0:update201:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.6.0:update201:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.7.0:update191:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jre:1.8.0:update181:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13785"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-369"
                },
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sourceforge.net/p/libpng/bugs/278/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://sourceforge.net/p/libpng/bugs/278/"
            },
            {
              "name": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2"
            },
            {
              "name": "USN-3712-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3712-1/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "1041889",
              "refsource": "SECTRACK",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041889"
            },
            {
              "name": "105599",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105599"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181018-0001/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
            },
            {
              "name": "RHSA-2018:3008",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3008"
            },
            {
              "name": "RHSA-2018:3007",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3007"
            },
            {
              "name": "RHSA-2018:3003",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3003"
            },
            {
              "name": "RHSA-2018:3002",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3002"
            },
            {
              "name": "RHSA-2018:3001",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3001"
            },
            {
              "name": "RHSA-2018:3000",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3000"
            },
            {
              "name": "RHSA-2018:3534",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3534"
            },
            {
              "name": "RHSA-2018:3533",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3533"
            },
            {
              "name": "RHSA-2018:3672",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3672"
            },
            {
              "name": "RHSA-2018:3671",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3671"
            },
            {
              "name": "RHSA-2018:3779",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3779"
            },
            {
              "name": "RHSA-2018:3852",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3852"
            },
            {
              "name": "GLSA-201908-10",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201908-10"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-27T17:35Z",
      "publishedDate": "2018-07-09T13:29Z"
    }
  }
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for java-1_8_0-openjdk",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for java-1_8_0-openjdk to version 8u191 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-3136: Manifest better support (bsc#1112142)\n- CVE-2018-3139: Better HTTP Redirection (bsc#1112143)\n- CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)\n- CVE-2018-3169: Improve field accesses (bsc#1112146)\n- CVE-2018-3180: Improve TLS connections stability (bsc#1112147)\n- CVE-2018-3214: Better RIFF reading support (bsc#1112152)\n- CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)\n- CVE-2018-3183: Improve script engine support (bsc#1112148)\n- CVE-2018-16435: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-43",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0043-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:0043-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4E6TD23MZPFSCCET3CCXBOEPKA4LWCJ/#U4E6TD23MZPFSCCET3CCXBOEPKA4LWCJ"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:0043-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4E6TD23MZPFSCCET3CCXBOEPKA4LWCJ/#U4E6TD23MZPFSCCET3CCXBOEPKA4LWCJ"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112142",
        "url": "https://bugzilla.suse.com/1112142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112143",
        "url": "https://bugzilla.suse.com/1112143"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112144",
        "url": "https://bugzilla.suse.com/1112144"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112146",
        "url": "https://bugzilla.suse.com/1112146"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112147",
        "url": "https://bugzilla.suse.com/1112147"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112148",
        "url": "https://bugzilla.suse.com/1112148"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112152",
        "url": "https://bugzilla.suse.com/1112152"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1112153",
        "url": "https://bugzilla.suse.com/1112153"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-13785 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-13785/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16435 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16435/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3136 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3136/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3139 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3139/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3149 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3149/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3169 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3169/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3180 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3180/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3183 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3183/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-3214 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-3214/"
      }
    ],
    "title": "Security update for java-1_8_0-openjdk",
    "tracking": {
      "current_release_date": "2019-03-23T10:45:25Z",
      "generator": {
        "date": "2019-03-23T10:45:25Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:0043-1",
      "initial_release_date": "2019-03-23T10:45:25Z",
      "revision_history": [
        {
          "date": "2019-03-23T10:45:25Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
                "product": {
                  "name": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
                  "product_id": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
                "product": {
                  "name": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
                  "product_id": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
                "product": {
                  "name": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
                  "product_id": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
                "product": {
                  "name": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
                  "product_id": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
                "product": {
                  "name": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
                  "product_id": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
                "product": {
                  "name": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
                  "product_id": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
                "product": {
                  "name": "java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
                  "product_id": "java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
                "product": {
                  "name": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
                  "product_id": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
                "product": {
                  "name": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
                  "product_id": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
                "product": {
                  "name": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
                  "product_id": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
                "product": {
                  "name": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
                  "product_id": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
                "product": {
                  "name": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
                  "product_id": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64",
                "product": {
                  "name": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64",
                  "product_id": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586"
        },
        "product_reference": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64"
        },
        "product_reference": "java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586"
        },
        "product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64"
        },
        "product_reference": "java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586"
        },
        "product_reference": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64"
        },
        "product_reference": "java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586"
        },
        "product_reference": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64"
        },
        "product_reference": "java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586"
        },
        "product_reference": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64"
        },
        "product_reference": "java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch"
        },
        "product_reference": "java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586"
        },
        "product_reference": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        },
        "product_reference": "java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-13785",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-13785"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-13785",
          "url": "https://www.suse.com/security/cve/CVE-2018-13785"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100687 for CVE-2018-13785",
          "url": "https://bugzilla.suse.com/1100687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112153 for CVE-2018-13785",
          "url": "https://bugzilla.suse.com/1112153"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-13785",
          "url": "https://bugzilla.suse.com/1116574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-13785"
    },
    {
      "cve": "CVE-2018-16435",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16435"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16435",
          "url": "https://www.suse.com/security/cve/CVE-2018-16435"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1108813 for CVE-2018-16435",
          "url": "https://bugzilla.suse.com/1108813"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-16435"
    },
    {
      "cve": "CVE-2018-3136",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3136"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3136",
          "url": "https://www.suse.com/security/cve/CVE-2018-3136"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112142 for CVE-2018-3136",
          "url": "https://bugzilla.suse.com/1112142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112143 for CVE-2018-3136",
          "url": "https://bugzilla.suse.com/1112143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112144 for CVE-2018-3136",
          "url": "https://bugzilla.suse.com/1112144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112146 for CVE-2018-3136",
          "url": "https://bugzilla.suse.com/1112146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112148 for CVE-2018-3136",
          "url": "https://bugzilla.suse.com/1112148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112152 for CVE-2018-3136",
          "url": "https://bugzilla.suse.com/1112152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-3136",
          "url": "https://bugzilla.suse.com/1116574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-3136"
    },
    {
      "cve": "CVE-2018-3139",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3139"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3139",
          "url": "https://www.suse.com/security/cve/CVE-2018-3139"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112142 for CVE-2018-3139",
          "url": "https://bugzilla.suse.com/1112142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112143 for CVE-2018-3139",
          "url": "https://bugzilla.suse.com/1112143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112144 for CVE-2018-3139",
          "url": "https://bugzilla.suse.com/1112144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112146 for CVE-2018-3139",
          "url": "https://bugzilla.suse.com/1112146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112148 for CVE-2018-3139",
          "url": "https://bugzilla.suse.com/1112148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112152 for CVE-2018-3139",
          "url": "https://bugzilla.suse.com/1112152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-3139",
          "url": "https://bugzilla.suse.com/1116574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-3139"
    },
    {
      "cve": "CVE-2018-3149",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3149"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3149",
          "url": "https://www.suse.com/security/cve/CVE-2018-3149"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112142 for CVE-2018-3149",
          "url": "https://bugzilla.suse.com/1112142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112143 for CVE-2018-3149",
          "url": "https://bugzilla.suse.com/1112143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112144 for CVE-2018-3149",
          "url": "https://bugzilla.suse.com/1112144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112146 for CVE-2018-3149",
          "url": "https://bugzilla.suse.com/1112146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112148 for CVE-2018-3149",
          "url": "https://bugzilla.suse.com/1112148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112152 for CVE-2018-3149",
          "url": "https://bugzilla.suse.com/1112152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-3149",
          "url": "https://bugzilla.suse.com/1116574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-3149"
    },
    {
      "cve": "CVE-2018-3169",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3169"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3169",
          "url": "https://www.suse.com/security/cve/CVE-2018-3169"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112142 for CVE-2018-3169",
          "url": "https://bugzilla.suse.com/1112142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112143 for CVE-2018-3169",
          "url": "https://bugzilla.suse.com/1112143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112144 for CVE-2018-3169",
          "url": "https://bugzilla.suse.com/1112144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112146 for CVE-2018-3169",
          "url": "https://bugzilla.suse.com/1112146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112148 for CVE-2018-3169",
          "url": "https://bugzilla.suse.com/1112148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112152 for CVE-2018-3169",
          "url": "https://bugzilla.suse.com/1112152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-3169",
          "url": "https://bugzilla.suse.com/1116574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-3169"
    },
    {
      "cve": "CVE-2018-3180",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3180"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3180",
          "url": "https://www.suse.com/security/cve/CVE-2018-3180"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112142 for CVE-2018-3180",
          "url": "https://bugzilla.suse.com/1112142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112143 for CVE-2018-3180",
          "url": "https://bugzilla.suse.com/1112143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112144 for CVE-2018-3180",
          "url": "https://bugzilla.suse.com/1112144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112146 for CVE-2018-3180",
          "url": "https://bugzilla.suse.com/1112146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112147 for CVE-2018-3180",
          "url": "https://bugzilla.suse.com/1112147"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112148 for CVE-2018-3180",
          "url": "https://bugzilla.suse.com/1112148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112152 for CVE-2018-3180",
          "url": "https://bugzilla.suse.com/1112152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-3180",
          "url": "https://bugzilla.suse.com/1116574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-3180"
    },
    {
      "cve": "CVE-2018-3183",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3183"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3183",
          "url": "https://www.suse.com/security/cve/CVE-2018-3183"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112142 for CVE-2018-3183",
          "url": "https://bugzilla.suse.com/1112142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112143 for CVE-2018-3183",
          "url": "https://bugzilla.suse.com/1112143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112144 for CVE-2018-3183",
          "url": "https://bugzilla.suse.com/1112144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112146 for CVE-2018-3183",
          "url": "https://bugzilla.suse.com/1112146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112148 for CVE-2018-3183",
          "url": "https://bugzilla.suse.com/1112148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112152 for CVE-2018-3183",
          "url": "https://bugzilla.suse.com/1112152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-3183",
          "url": "https://bugzilla.suse.com/1116574"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120714 for CVE-2018-3183",
          "url": "https://bugzilla.suse.com/1120714"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-3183"
    },
    {
      "cve": "CVE-2018-3214",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-3214"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
          "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-3214",
          "url": "https://www.suse.com/security/cve/CVE-2018-3214"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112142 for CVE-2018-3214",
          "url": "https://bugzilla.suse.com/1112142"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112143 for CVE-2018-3214",
          "url": "https://bugzilla.suse.com/1112143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112144 for CVE-2018-3214",
          "url": "https://bugzilla.suse.com/1112144"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112146 for CVE-2018-3214",
          "url": "https://bugzilla.suse.com/1112146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112148 for CVE-2018-3214",
          "url": "https://bugzilla.suse.com/1112148"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112152 for CVE-2018-3214",
          "url": "https://bugzilla.suse.com/1112152"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-3214",
          "url": "https://bugzilla.suse.com/1116574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2.x86_64",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2.noarch",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.i586",
            "openSUSE Leap 15.0:java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-03-23T10:45:25Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-3214"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for libpng16",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for libpng16 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when \n  png_image_free() was called under png_safe_execute (bsc#1124211).\n- CVE-2018-13785: Fixed a wrong calculation of row_factor in the\n  png_check_chunk_length function in pngrutil.c, which could haved triggered\n  and integer overflow and result in an divide-by-zero while processing a\n  crafted PNG file, leading to a denial of service (bsc#1100687)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2019-1530",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1530-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2019:1530-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q4HM5QQMXWECPZMLHD5SAWL5ZKD2JZWL/#Q4HM5QQMXWECPZMLHD5SAWL5ZKD2JZWL"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2019:1530-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q4HM5QQMXWECPZMLHD5SAWL5ZKD2JZWL/#Q4HM5QQMXWECPZMLHD5SAWL5ZKD2JZWL"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100687",
        "url": "https://bugzilla.suse.com/1100687"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1121624",
        "url": "https://bugzilla.suse.com/1121624"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124211",
        "url": "https://bugzilla.suse.com/1124211"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-13785 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-13785/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7317 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7317/"
      }
    ],
    "title": "Security update for libpng16",
    "tracking": {
      "current_release_date": "2019-06-07T15:14:56Z",
      "generator": {
        "date": "2019-06-07T15:14:56Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2019:1530-1",
      "initial_release_date": "2019-06-07T15:14:56Z",
      "revision_history": [
        {
          "date": "2019-06-07T15:14:56Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng16-16-1.6.34-lp151.3.3.1.i586",
                "product": {
                  "name": "libpng16-16-1.6.34-lp151.3.3.1.i586",
                  "product_id": "libpng16-16-1.6.34-lp151.3.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
                "product": {
                  "name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
                  "product_id": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-devel-1.6.34-lp151.3.3.1.i586",
                "product": {
                  "name": "libpng16-devel-1.6.34-lp151.3.3.1.i586",
                  "product_id": "libpng16-devel-1.6.34-lp151.3.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-tools-1.6.34-lp151.3.3.1.i586",
                "product": {
                  "name": "libpng16-tools-1.6.34-lp151.3.3.1.i586",
                  "product_id": "libpng16-tools-1.6.34-lp151.3.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng16-16-1.6.34-lp151.3.3.1.x86_64",
                "product": {
                  "name": "libpng16-16-1.6.34-lp151.3.3.1.x86_64",
                  "product_id": "libpng16-16-1.6.34-lp151.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
                "product": {
                  "name": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
                  "product_id": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
                "product": {
                  "name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
                  "product_id": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
                "product": {
                  "name": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
                  "product_id": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
                "product": {
                  "name": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
                  "product_id": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
                "product": {
                  "name": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
                  "product_id": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
                "product": {
                  "name": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
                  "product_id": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.0",
                "product": {
                  "name": "openSUSE Leap 15.0",
                  "product_id": "openSUSE Leap 15.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-16-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586"
        },
        "product_reference": "libpng16-16-1.6.34-lp151.3.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-16-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-16-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586"
        },
        "product_reference": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-devel-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586"
        },
        "product_reference": "libpng16-devel-1.6.34-lp151.3.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-tools-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586"
        },
        "product_reference": "libpng16-tools-1.6.34-lp151.3.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.0",
          "product_id": "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-16-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586"
        },
        "product_reference": "libpng16-16-1.6.34-lp151.3.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-16-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-16-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586"
        },
        "product_reference": "libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-devel-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586"
        },
        "product_reference": "libpng16-devel-1.6.34-lp151.3.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-tools-1.6.34-lp151.3.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586"
        },
        "product_reference": "libpng16-tools-1.6.34-lp151.3.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
        },
        "product_reference": "libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-13785",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-13785"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-13785",
          "url": "https://www.suse.com/security/cve/CVE-2018-13785"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100687 for CVE-2018-13785",
          "url": "https://bugzilla.suse.com/1100687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1112153 for CVE-2018-13785",
          "url": "https://bugzilla.suse.com/1112153"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116574 for CVE-2018-13785",
          "url": "https://bugzilla.suse.com/1116574"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-06-07T15:14:56Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-13785"
    },
    {
      "cve": "CVE-2019-7317",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7317"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
          "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
          "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7317",
          "url": "https://www.suse.com/security/cve/CVE-2019-7317"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124211 for CVE-2019-7317",
          "url": "https://bugzilla.suse.com/1124211"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1135824 for CVE-2019-7317",
          "url": "https://bugzilla.suse.com/1135824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1141780 for CVE-2019-7317",
          "url": "https://bugzilla.suse.com/1141780"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1147021 for CVE-2019-7317",
          "url": "https://bugzilla.suse.com/1147021"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1165297 for CVE-2019-7317",
          "url": "https://bugzilla.suse.com/1165297"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.0:libpng16-tools-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-16-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-16-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-compat-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-compat-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-devel-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-devel-32bit-1.6.34-lp151.3.3.1.x86_64",
            "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.i586",
            "openSUSE Leap 15.1:libpng16-tools-1.6.34-lp151.3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-06-07T15:14:56Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-7317"
    }
  ]
}