Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/19965?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/19965?format=api", "purl": "pkg:nuget/libpng@1.2.0", "type": "nuget", "namespace": "", "name": "libpng", "version": "1.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6702?format=api", "vulnerability_id": "VCID-9dg2-qygx-vbah", "summary": "NULL Pointer Dereference\nThe png_err function in pngerror.c in libpng makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2691.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91874", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91882", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.9189", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91897", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91909", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91915", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07693", 
"scoring_system": "epss", "scoring_elements": "0.91913", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91932", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91926", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91931", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.9193", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91938", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91951", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91961", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91968", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.07693", "scoring_system": "epss", "scoring_elements": "0.91984", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2691" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=720608", "reference_id": "720608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2691", "reference_id": "CVE-2011-2691", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2691" }, { "reference_url": "https://security.gentoo.org/glsa/201206-15", "reference_id": "GLSA-201206-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-15" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2011-2691" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dg2-qygx-vbah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6730?format=api", "vulnerability_id": "VCID-axvf-w4r8-xkhv", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe png_set_text_2 function in pngset.c in libpng allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3048.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94928", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94936", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94938", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.9494", "published_at": "2026-04-07T12:55:00Z" }, { 
"value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94949", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94952", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94959", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94962", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.9497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94974", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94977", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94978", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94986", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.94992", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.95001", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.95005", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.9501", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.16887", "scoring_system": "epss", "scoring_elements": "0.95021", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3048" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=808139", "reference_id": "808139", "reference_type": "", 
"scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808139" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3048", "reference_id": "CVE-2011-3048", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3048" }, { "reference_url": "https://security.gentoo.org/glsa/201206-15", "reference_id": "GLSA-201206-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0523", "reference_id": "RHSA-2012:0523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0523" }, { "reference_url": "https://usn.ubuntu.com/1417-1/", "reference_id": "USN-1417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1417-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2011-3048" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axvf-w4r8-xkhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6678?format=api", "vulnerability_id": "VCID-d5tt-4fbc-m7ar", "summary": "Uncontrolled Resource Consumption\nThe png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the 
deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0205.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0205.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0205", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89317", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89252", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.8926", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89277", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89289", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89286", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89297", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89221", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89218", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.8923", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89226", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04579", "scoring_system": "epss", "scoring_elements": "0.89243", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04579", 
"scoring_system": "epss", "scoring_elements": "0.89248", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.09782", "scoring_system": "epss", "scoring_elements": "0.92937", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09782", "scoring_system": "epss", "scoring_elements": "0.9294", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09782", "scoring_system": "epss", "scoring_elements": "0.92947", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09782", "scoring_system": "epss", "scoring_elements": "0.92952", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09782", "scoring_system": "epss", "scoring_elements": "0.92957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09782", "scoring_system": "epss", "scoring_elements": "0.92928", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0205" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566234", "reference_id": "566234", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566234" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0205", "reference_id": "CVE-2010-0205", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0205" }, { "reference_url": "https://security.gentoo.org/glsa/201010-01", "reference_id": "GLSA-201010-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201010-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0534", "reference_id": "RHSA-2010:0534", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0534" }, { "reference_url": "https://usn.ubuntu.com/913-1/", "reference_id": "USN-913-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/913-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19967?format=api", "purl": "pkg:nuget/libpng@1.5.10.9", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-9d14-kqac-nbbt" }, { "vulnerability": "VCID-ajs9-y6dt-5fhj" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-h89j-mr17-rua9" }, { "vulnerability": "VCID-una1-4acn-s3dy" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.5.10.9" } ], "aliases": [ "CVE-2010-0205" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5tt-4fbc-m7ar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6743?format=api", "vulnerability_id": "VCID-hfvd-x3vm-fyfz", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe png_push_read_zTXt function in pngpread.c in libpng allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3425.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87016", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87027", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87046", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87039", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": 
"0.87059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87066", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.8708", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87074", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87069", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87085", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87089", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87086", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87105", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87111", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87131", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87147", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87165", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.8716", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.87175", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03231", "scoring_system": "epss", "scoring_elements": "0.8721", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3425" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=813249", "reference_id": "813249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=813249" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3425", "reference_id": "CVE-2012-3425", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3425" }, { "reference_url": "https://usn.ubuntu.com/2815-1/", "reference_id": "USN-2815-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2815-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2012-3425" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfvd-x3vm-fyfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6703?format=api", "vulnerability_id": "VCID-kf5b-ush9-mkd1", "summary": "Out-of-bounds Read\nThe png_format_buffer function in pngerror.c in libpng allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. 
NOTE: this is called an off-by-one error by some sources.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2501.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84495", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84511", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84532", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84535", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84557", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84563", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84582", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84593", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84595", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84621", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.8463", "published_at": 
"2026-04-26T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84632", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84647", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84673", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84689", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84686", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84703", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02245", "scoring_system": "epss", "scoring_elements": "0.84733", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=717084", "reference_id": "717084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=717084" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2501", "reference_id": "CVE-2011-2501", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2501" }, { "reference_url": "https://security.gentoo.org/glsa/201206-15", "reference_id": "GLSA-201206-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1105", "reference_id": "RHSA-2011:1105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1105" }, { "reference_url": "https://usn.ubuntu.com/1175-1/", "reference_id": "USN-1175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19967?format=api", "purl": 
"pkg:nuget/libpng@1.5.10.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-9d14-kqac-nbbt" }, { "vulnerability": "VCID-ajs9-y6dt-5fhj" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-h89j-mr17-rua9" }, { "vulnerability": "VCID-una1-4acn-s3dy" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.5.10.9" } ], "aliases": [ "CVE-2011-2501" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kf5b-ush9-mkd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6704?format=api", "vulnerability_id": "VCID-qpn2-bwsx-1kcg", "summary": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nBuffer overflow in libpng, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2690.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.7933", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.7936", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01256", "scoring_system": 
"epss", "scoring_elements": "0.79346", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79373", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79382", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79405", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79389", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79378", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.7941", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79408", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79412", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79444", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79449", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79464", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.7948", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79501", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79519", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79517", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79532", "published_at": 
"2026-05-12T12:55:00Z" }, { "value": "0.01256", "scoring_system": "epss", "scoring_elements": "0.79568", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=720607", "reference_id": "720607", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720607" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2690", "reference_id": "CVE-2011-2690", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2690" }, { "reference_url": "https://security.gentoo.org/glsa/201206-15", "reference_id": "GLSA-201206-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1104", "reference_id": "RHSA-2011:1104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1105", "reference_id": "RHSA-2011:1105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1105" }, { "reference_url": "https://usn.ubuntu.com/1175-1/", "reference_id": "USN-1175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2011-2690" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpn2-bwsx-1kcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6701?format=api", "vulnerability_id": "VCID-uddn-ka9m-wycz", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe png_handle_sCAL function in pngrutil.c in libpng does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2692.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91735", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91744", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91749", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91776", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91779", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91781", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", 
"scoring_elements": "0.91777", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91797", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.9179", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91791", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91798", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91794", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91807", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91817", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91827", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91826", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91833", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.07473", "scoring_system": "epss", "scoring_elements": "0.91846", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2692" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=720612", "reference_id": "720612", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720612" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2692", "reference_id": "CVE-2011-2692", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2692" }, { "reference_url": "https://security.gentoo.org/glsa/201206-15", "reference_id": "GLSA-201206-15", "reference_type": "", "scores": [], 
"url": "https://security.gentoo.org/glsa/201206-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1103", "reference_id": "RHSA-2011:1103", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1103" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1104", "reference_id": "RHSA-2011:1104", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1104" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1105", "reference_id": "RHSA-2011:1105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1105" }, { "reference_url": "https://usn.ubuntu.com/1175-1/", "reference_id": "USN-1175-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1175-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "aliases": [ "CVE-2011-2692" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uddn-ka9m-wycz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7800?format=api", "vulnerability_id": "VCID-zetn-zwnv-u7gf", "summary": "NULL Pointer Dereference\nThe png_set_text_2 function in libpng allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10087.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75969", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76228", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76177", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76164", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76179", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75972", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76004", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75983", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76016", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76031", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76056", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76032", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76027", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00926", 
"scoring_system": "epss", "scoring_elements": "0.76067", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76071", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76055", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76094", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76104", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76115", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76124", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76155", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409617", "reference_id": "1409617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409617" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799", "reference_id": "849799", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849799" }, { "reference_url": 
"https://security.archlinux.org/ASA-201701-2", "reference_id": "ASA-201701-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-2" }, { "reference_url": "https://security.archlinux.org/ASA-201701-5", "reference_id": "ASA-201701-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-5" }, { "reference_url": "https://security.archlinux.org/AVG-119", "reference_id": "AVG-119", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-119" }, { "reference_url": "https://security.archlinux.org/AVG-120", "reference_id": "AVG-120", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-120" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10087", "reference_id": "CVE-2016-10087", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10087" }, { "reference_url": "https://security.gentoo.org/glsa/201701-74", "reference_id": "GLSA-201701-74", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-74" }, { "reference_url": "https://usn.ubuntu.com/3712-1/", "reference_id": "USN-3712-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3712-1/" }, { "reference_url": "https://usn.ubuntu.com/3712-2/", "reference_id": "USN-3712-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3712-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/160086?format=api", "purl": "pkg:nuget/libpng@1.6.26.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8g2j-rqsk-zqfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.26.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/23839?format=api", "purl": 
"pkg:nuget/libpng@1.6.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8g2j-rqsk-zqfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.28.1" } ], "aliases": [ "CVE-2016-10087" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zetn-zwnv-u7gf" } ], "fixing_vulnerabilities": [], "risk_score": "1.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.2.0" }