Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vhp1-5zpy-rfdt

Summary libpng: hardcoded value leads to heap-overflow

Aliases

alias	CVE-2021-4214

Fixed_packages

url pkg:nuget/libpng@1.6.18.1

purl pkg:nuget/libpng@1.6.18.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1h1a-mpgm-w3hf

vulnerability	VCID-8g2j-rqsk-zqfh

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1

Affected_packages

url pkg:conan/libpng@1.6.0

purl pkg:conan/libpng@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vhp1-5zpy-rfdt

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/libpng@1.6.0

url pkg:nuget/libpng@1.6.0

purl pkg:nuget/libpng@1.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3ggs-vja8-r3de

vulnerability	VCID-cu24-1rcd-93g3

vulnerability	VCID-had5-3tnv-k3hm

vulnerability	VCID-mxh6-rpb3-tbbq

vulnerability	VCID-nhbw-6tpy-pbh3

vulnerability	VCID-vhp1-5zpy-rfdt

vulnerability	VCID-zetn-zwnv-u7gf

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.0

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4214.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4214.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-4214

reference_id

reference_type

scores

value	0.0013
scoring_system	epss
scoring_elements	0.32438
published_at	2026-04-01T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32583
published_at	2026-04-02T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32619
published_at	2026-04-04T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32442
published_at	2026-04-07T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.3249
published_at	2026-04-08T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32518
published_at	2026-04-09T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32521
published_at	2026-04-11T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32483
published_at	2026-04-12T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32457
published_at	2026-04-13T12:55:00Z

value	0.0013
scoring_system	epss
scoring_elements	0.32492
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-4214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4214

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/glennrp/libpng/issues/302
reference_id
reference_type
scores
url	https://github.com/glennrp/libpng/issues/302

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2043393
reference_id	2043393
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2043393

reference_url	https://access.redhat.com/security/cve/CVE-2021-4214
reference_id	CVE-2021-4214
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2021-4214

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-4214
reference_id	CVE-2021-4214
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-4214

reference_url	https://security-tracker.debian.org/tracker/CVE-2021-4214
reference_id	CVE-2021-4214
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2021-4214

Weaknesses

cwe_id	120
name	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
description	The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 3.3 - 5.5

Exploitability 0.5

Weighted_severity 5.0

Risk_score 2.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhp1-5zpy-rfdt

Vulnerability Instance