Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-xpad-wqev-ryes
Summary
Improper Restriction of Operations within the Bounds of a Memory Buffer
pngrtran.c in libpng allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.
Aliases
0
alias CVE-2011-0408
Fixed_packages
0
url pkg:nuget/libpng@1.6.18.1
purl pkg:nuget/libpng@1.6.18.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1h1a-mpgm-w3hf
1
vulnerability VCID-8g2j-rqsk-zqfh
2
vulnerability VCID-cu24-1rcd-93g3
3
vulnerability VCID-zetn-zwnv-u7gf
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1
Affected_packages
0
url pkg:nuget/libpng@1.5.0
purl pkg:nuget/libpng@1.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9dg2-qygx-vbah
1
vulnerability VCID-ajs9-y6dt-5fhj
2
vulnerability VCID-axvf-w4r8-xkhv
3
vulnerability VCID-cu24-1rcd-93g3
4
vulnerability VCID-h89j-mr17-rua9
5
vulnerability VCID-hfvd-x3vm-fyfz
6
vulnerability VCID-kf5b-ush9-mkd1
7
vulnerability VCID-qpn2-bwsx-1kcg
8
vulnerability VCID-uddn-ka9m-wycz
9
vulnerability VCID-una1-4acn-s3dy
10
vulnerability VCID-xpad-wqev-ryes
11
vulnerability VCID-zetn-zwnv-u7gf
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.5.0
References
0
reference_url ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt
reference_id
reference_type
scores
url ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt
1
reference_url ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt
reference_id
reference_type
scores
url ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt
2
reference_url http://osvdb.org/70417
reference_id
reference_type
scores
url http://osvdb.org/70417
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0408.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0408.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0408
reference_id
reference_type
scores
0
value 0.05904
scoring_system epss
scoring_elements 0.90617
published_at 2026-04-18T12:55:00Z
1
value 0.05904
scoring_system epss
scoring_elements 0.90557
published_at 2026-04-01T12:55:00Z
2
value 0.05904
scoring_system epss
scoring_elements 0.90562
published_at 2026-04-02T12:55:00Z
3
value 0.05904
scoring_system epss
scoring_elements 0.90572
published_at 2026-04-04T12:55:00Z
4
value 0.05904
scoring_system epss
scoring_elements 0.9058
published_at 2026-04-07T12:55:00Z
5
value 0.05904
scoring_system epss
scoring_elements 0.90592
published_at 2026-04-08T12:55:00Z
6
value 0.05904
scoring_system epss
scoring_elements 0.90598
published_at 2026-04-09T12:55:00Z
7
value 0.05904
scoring_system epss
scoring_elements 0.90607
published_at 2026-04-12T12:55:00Z
8
value 0.05904
scoring_system epss
scoring_elements 0.90601
published_at 2026-04-13T12:55:00Z
9
value 0.05904
scoring_system epss
scoring_elements 0.9062
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0408
5
reference_url http://secunia.com/advisories/42863
reference_id
reference_type
scores
url http://secunia.com/advisories/42863
6
reference_url http://securitytracker.com/id?1024955
reference_id
reference_type
scores
url http://securitytracker.com/id?1024955
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/64637
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/64637
8
reference_url http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement
reference_id
reference_type
scores
url http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement
9
reference_url http://www.kb.cert.org/vuls/id/643140
reference_id
reference_type
scores
url http://www.kb.cert.org/vuls/id/643140
10
reference_url http://www.vupen.com/english/advisories/2011/0080
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0080
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=671502
reference_id 671502
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=671502
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0408
reference_id CVE-2011-0408
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2011-0408
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 119
name Improper Restriction of Operations within the Bounds of a Memory Buffer
description The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 190
name Integer Overflow or Wraparound
description The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Exploits
Severity_range_score 6.8 - 6.8
Exploitability 0.5
Weighted_severity 6.1
Risk_score 3.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xpad-wqev-ryes