Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/libpng@1.2.0

Type nuget

Namespace

Name libpng

Version 1.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-9dg2-qygx-vbah

vulnerability_id VCID-9dg2-qygx-vbah

summary

NULL Pointer Dereference
The png_err function in pngerror.c in libpng  makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2691.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2691.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2691

reference_id

reference_type

scores

value	0.07693
scoring_system	epss
scoring_elements	0.91874
published_at	2026-04-01T12:55:00Z

value	0.07693
scoring_system	epss
scoring_elements	0.91882
published_at	2026-04-02T12:55:00Z

value	0.07693
scoring_system	epss
scoring_elements	0.9189
published_at	2026-04-04T12:55:00Z

value	0.07693
scoring_system	epss
scoring_elements	0.91897
published_at	2026-04-07T12:55:00Z

value	0.07693
scoring_system	epss
scoring_elements	0.91909
published_at	2026-04-08T12:55:00Z

value	0.07693
scoring_system	epss
scoring_elements	0.91915
published_at	2026-04-09T12:55:00Z

value	0.07693
scoring_system	epss
scoring_elements	0.91917
published_at	2026-04-12T12:55:00Z

value	0.07693
scoring_system	epss
scoring_elements	0.91913
published_at	2026-04-13T12:55:00Z

value	0.07693
scoring_system	epss
scoring_elements	0.91932
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2691

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=720608
reference_id	720608
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=720608

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2011-2691
reference_id	CVE-2011-2691
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2011-2691

reference_url	https://security.gentoo.org/glsa/201206-15
reference_id	GLSA-201206-15
reference_type
scores
url	https://security.gentoo.org/glsa/201206-15

fixed_packages

url pkg:nuget/libpng@1.6.18.1

purl pkg:nuget/libpng@1.6.18.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1h1a-mpgm-w3hf

vulnerability	VCID-8g2j-rqsk-zqfh

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1

aliases CVE-2011-2691

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dg2-qygx-vbah

url VCID-axvf-w4r8-xkhv

vulnerability_id VCID-axvf-w4r8-xkhv

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The png_set_text_2 function in pngset.c in libpng  allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3048.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3048

reference_id

reference_type

scores

value	0.16887
scoring_system	epss
scoring_elements	0.94928
published_at	2026-04-01T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.94936
published_at	2026-04-02T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.94938
published_at	2026-04-04T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.9494
published_at	2026-04-07T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.94949
published_at	2026-04-08T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.94952
published_at	2026-04-09T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.94957
published_at	2026-04-11T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.94959
published_at	2026-04-12T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.94962
published_at	2026-04-13T12:55:00Z

value	0.16887
scoring_system	epss
scoring_elements	0.9497
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3048

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=808139
reference_id	808139
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=808139

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2011-3048
reference_id	CVE-2011-3048
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2011-3048

reference_url	https://security.gentoo.org/glsa/201206-15
reference_id	GLSA-201206-15
reference_type
scores
url	https://security.gentoo.org/glsa/201206-15

reference_url	https://access.redhat.com/errata/RHSA-2012:0523
reference_id	RHSA-2012:0523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0523

reference_url	https://usn.ubuntu.com/1417-1/
reference_id	USN-1417-1
reference_type
scores
url	https://usn.ubuntu.com/1417-1/

fixed_packages

url pkg:nuget/libpng@1.6.18.1

purl pkg:nuget/libpng@1.6.18.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1h1a-mpgm-w3hf

vulnerability	VCID-8g2j-rqsk-zqfh

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1

aliases CVE-2011-3048

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axvf-w4r8-xkhv

url VCID-d5tt-4fbc-m7ar

vulnerability_id VCID-d5tt-4fbc-m7ar

summary

Uncontrolled Resource Consumption
The png_decompress_chunk function in pngrutil.c in libpng  does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0205.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0205.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-0205

reference_id

reference_type

scores

value	0.04579
scoring_system	epss
scoring_elements	0.89221
published_at	2026-04-12T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.89218
published_at	2026-04-13T12:55:00Z

value	0.04579
scoring_system	epss
scoring_elements	0.8923
published_at	2026-04-16T12:55:00Z

value	0.09782
scoring_system	epss
scoring_elements	0.92947
published_at	2026-04-08T12:55:00Z

value	0.09782
scoring_system	epss
scoring_elements	0.92928
published_at	2026-04-01T12:55:00Z

value	0.09782
scoring_system	epss
scoring_elements	0.92957
published_at	2026-04-11T12:55:00Z

value	0.09782
scoring_system	epss
scoring_elements	0.92952
published_at	2026-04-09T12:55:00Z

value	0.09782
scoring_system	epss
scoring_elements	0.92937
published_at	2026-04-02T12:55:00Z

value	0.09782
scoring_system	epss
scoring_elements	0.9294
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-0205

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=566234
reference_id	566234
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=566234

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2010-0205
reference_id	CVE-2010-0205
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2010-0205

reference_url	https://security.gentoo.org/glsa/201010-01
reference_id	GLSA-201010-01
reference_type
scores
url	https://security.gentoo.org/glsa/201010-01

reference_url	https://access.redhat.com/errata/RHSA-2010:0534
reference_id	RHSA-2010:0534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2010:0534

reference_url	https://usn.ubuntu.com/913-1/
reference_id	USN-913-1
reference_type
scores
url	https://usn.ubuntu.com/913-1/

fixed_packages

url pkg:nuget/libpng@1.5.10.9

purl pkg:nuget/libpng@1.5.10.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1h1a-mpgm-w3hf

vulnerability	VCID-8g2j-rqsk-zqfh

vulnerability	VCID-9d14-kqac-nbbt

vulnerability	VCID-ajs9-y6dt-5fhj

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-h89j-mr17-rua9

vulnerability	VCID-una1-4acn-s3dy

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.5.10.9

aliases CVE-2010-0205

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5tt-4fbc-m7ar

url VCID-hfvd-x3vm-fyfz

vulnerability_id VCID-hfvd-x3vm-fyfz

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The png_push_read_zTXt function in pngpread.c in libpng  allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3425.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3425.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3425

reference_id

reference_type

scores

value	0.03231
scoring_system	epss
scoring_elements	0.87016
published_at	2026-04-01T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.87027
published_at	2026-04-02T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.87046
published_at	2026-04-04T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.87039
published_at	2026-04-07T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.87059
published_at	2026-04-08T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.87066
published_at	2026-04-09T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.8708
published_at	2026-04-11T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.87074
published_at	2026-04-12T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.87069
published_at	2026-04-13T12:55:00Z

value	0.03231
scoring_system	epss
scoring_elements	0.87085
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3425

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=813249
reference_id	813249
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=813249

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2012-3425
reference_id	CVE-2012-3425
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2012-3425

reference_url	https://usn.ubuntu.com/2815-1/
reference_id	USN-2815-1
reference_type
scores
url	https://usn.ubuntu.com/2815-1/

fixed_packages

url pkg:nuget/libpng@1.6.18.1

purl pkg:nuget/libpng@1.6.18.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1h1a-mpgm-w3hf

vulnerability	VCID-8g2j-rqsk-zqfh

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1

aliases CVE-2012-3425

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfvd-x3vm-fyfz

url VCID-kf5b-ush9-mkd1

vulnerability_id VCID-kf5b-ush9-mkd1

summary

Out-of-bounds Read
The png_format_buffer function in pngerror.c in libpng  allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2501.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2501.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2501

reference_id

reference_type

scores

value	0.02245
scoring_system	epss
scoring_elements	0.84495
published_at	2026-04-01T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84511
published_at	2026-04-02T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84532
published_at	2026-04-04T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84535
published_at	2026-04-07T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84557
published_at	2026-04-08T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84563
published_at	2026-04-09T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84582
published_at	2026-04-11T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84577
published_at	2026-04-12T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84573
published_at	2026-04-13T12:55:00Z

value	0.02245
scoring_system	epss
scoring_elements	0.84593
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2501

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=717084
reference_id	717084
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=717084

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2011-2501
reference_id	CVE-2011-2501
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2011-2501

reference_url	https://security.gentoo.org/glsa/201206-15
reference_id	GLSA-201206-15
reference_type
scores
url	https://security.gentoo.org/glsa/201206-15

reference_url	https://access.redhat.com/errata/RHSA-2011:1105
reference_id	RHSA-2011:1105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1105

reference_url	https://usn.ubuntu.com/1175-1/
reference_id	USN-1175-1
reference_type
scores
url	https://usn.ubuntu.com/1175-1/

fixed_packages

url pkg:nuget/libpng@1.5.10.9

purl pkg:nuget/libpng@1.5.10.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1h1a-mpgm-w3hf

vulnerability	VCID-8g2j-rqsk-zqfh

vulnerability	VCID-9d14-kqac-nbbt

vulnerability	VCID-ajs9-y6dt-5fhj

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-h89j-mr17-rua9

vulnerability	VCID-una1-4acn-s3dy

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.5.10.9

aliases CVE-2011-2501

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf5b-ush9-mkd1

url VCID-qpn2-bwsx-1kcg

vulnerability_id VCID-qpn2-bwsx-1kcg

summary

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Buffer overflow in libpng , when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2690.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2690.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2690

reference_id

reference_type

scores

value	0.01256
scoring_system	epss
scoring_elements	0.7933
published_at	2026-04-01T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.79337
published_at	2026-04-02T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.7936
published_at	2026-04-04T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.79346
published_at	2026-04-07T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.79373
published_at	2026-04-08T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.79382
published_at	2026-04-09T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.79405
published_at	2026-04-11T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.79389
published_at	2026-04-12T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.79378
published_at	2026-04-13T12:55:00Z

value	0.01256
scoring_system	epss
scoring_elements	0.7941
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2690

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=720607
reference_id	720607
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=720607

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2011-2690
reference_id	CVE-2011-2690
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2011-2690

reference_url	https://security.gentoo.org/glsa/201206-15
reference_id	GLSA-201206-15
reference_type
scores
url	https://security.gentoo.org/glsa/201206-15

reference_url	https://access.redhat.com/errata/RHSA-2011:1104
reference_id	RHSA-2011:1104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1104

reference_url	https://access.redhat.com/errata/RHSA-2011:1105
reference_id	RHSA-2011:1105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1105

reference_url	https://usn.ubuntu.com/1175-1/
reference_id	USN-1175-1
reference_type
scores
url	https://usn.ubuntu.com/1175-1/

fixed_packages

url pkg:nuget/libpng@1.6.18.1

purl pkg:nuget/libpng@1.6.18.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1h1a-mpgm-w3hf

vulnerability	VCID-8g2j-rqsk-zqfh

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1

aliases CVE-2011-2690

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpn2-bwsx-1kcg

url VCID-uddn-ka9m-wycz

vulnerability_id VCID-uddn-ka9m-wycz

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The png_handle_sCAL function in pngrutil.c in libpng  does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2692.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2692.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2692

reference_id

reference_type

scores

value	0.07473
scoring_system	epss
scoring_elements	0.91735
published_at	2026-04-01T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91744
published_at	2026-04-02T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91749
published_at	2026-04-04T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91757
published_at	2026-04-07T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91769
published_at	2026-04-08T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91776
published_at	2026-04-09T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91779
published_at	2026-04-11T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91781
published_at	2026-04-12T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91777
published_at	2026-04-13T12:55:00Z

value	0.07473
scoring_system	epss
scoring_elements	0.91797
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2692

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=720612
reference_id	720612
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=720612

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2011-2692
reference_id	CVE-2011-2692
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2011-2692

reference_url	https://security.gentoo.org/glsa/201206-15
reference_id	GLSA-201206-15
reference_type
scores
url	https://security.gentoo.org/glsa/201206-15

reference_url	https://access.redhat.com/errata/RHSA-2011:1103
reference_id	RHSA-2011:1103
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1103

reference_url	https://access.redhat.com/errata/RHSA-2011:1104
reference_id	RHSA-2011:1104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1104

reference_url	https://access.redhat.com/errata/RHSA-2011:1105
reference_id	RHSA-2011:1105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1105

reference_url	https://usn.ubuntu.com/1175-1/
reference_id	USN-1175-1
reference_type
scores
url	https://usn.ubuntu.com/1175-1/

fixed_packages

url pkg:nuget/libpng@1.6.18.1

purl pkg:nuget/libpng@1.6.18.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1h1a-mpgm-w3hf

vulnerability	VCID-8g2j-rqsk-zqfh

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1

aliases CVE-2011-2692

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uddn-ka9m-wycz

url VCID-zetn-zwnv-u7gf

vulnerability_id VCID-zetn-zwnv-u7gf

summary

NULL Pointer Dereference
The png_set_text_2 function in libpng  allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10087

reference_id

reference_type

scores

value	0.00926
scoring_system	epss
scoring_elements	0.75969
published_at	2026-04-01T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.76067
published_at	2026-04-16T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.76056
published_at	2026-04-11T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.76032
published_at	2026-04-12T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.76027
published_at	2026-04-13T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.75972
published_at	2026-04-02T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.76004
published_at	2026-04-04T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.75983
published_at	2026-04-07T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.76016
published_at	2026-04-08T12:55:00Z

value	0.00926
scoring_system	epss
scoring_elements	0.76031
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10087

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	1.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1409617
reference_id	1409617
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1409617

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799
reference_id	849799
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799

reference_url	https://security.archlinux.org/ASA-201701-2
reference_id	ASA-201701-2
reference_type
scores
url	https://security.archlinux.org/ASA-201701-2

reference_url	https://security.archlinux.org/ASA-201701-5
reference_id	ASA-201701-5
reference_type
scores
url	https://security.archlinux.org/ASA-201701-5

reference_url

https://security.archlinux.org/AVG-119

reference_id

AVG-119

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-119

reference_url

https://security.archlinux.org/AVG-120

reference_id

AVG-120

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-120

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-10087
reference_id	CVE-2016-10087
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-10087

reference_url	https://security.gentoo.org/glsa/201701-74
reference_id	GLSA-201701-74
reference_type
scores
url	https://security.gentoo.org/glsa/201701-74

reference_url	https://usn.ubuntu.com/3712-1/
reference_id	USN-3712-1
reference_type
scores
url	https://usn.ubuntu.com/3712-1/

reference_url	https://usn.ubuntu.com/3712-2/
reference_id	USN-3712-2
reference_type
scores
url	https://usn.ubuntu.com/3712-2/

fixed_packages

url pkg:nuget/libpng@1.6.26.1

purl pkg:nuget/libpng@1.6.26.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8g2j-rqsk-zqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.26.1

url pkg:nuget/libpng@1.6.28.1

purl pkg:nuget/libpng@1.6.28.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8g2j-rqsk-zqfh

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.28.1

aliases CVE-2016-10087

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zetn-zwnv-u7gf

Fixing_vulnerabilities

Risk_score 1.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.2.0

Package Instance