{"url":"http://public2.vulnerablecode.io/api/packages/51259?format=json","purl":"pkg:nuget/libpng@1.4.10","type":"nuget","namespace":"","name":"libpng","version":"1.4.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37438?format=json","vulnerability_id":"VCID-4se8-jgv9-f3cb","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe png_set_text_2 function in pngset.c in libpng  allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3048.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3048","reference_id":"","reference_type":"","scores":[{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.95082","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.95091","published_at":"2026-06-05T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.95092","published_at":"2026-06-06T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.95094","published_at":"2026-06-07T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.95093","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3048"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=808139","reference_id":"808139","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=808139"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3048","reference_id":"CVE-2011-3048","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3048"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0523","reference_id":"RHSA-2012:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0523"},{"reference_url":"https://usn.ubuntu.com/1417-1/","reference_id":"USN-1417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51199?format=json","purl":"pkg:nuget/libpng@1.6.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fmt1-496f-9qf3"},{"vulnerability":"VCID-y21n-ekwz-ayep"},{"vulnerability":"VCID-yk3y-m6rn-ukbd"},{"vulnerability":"VCID-z7uy-uene-gkb8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1"}],"aliases":["CVE-2011-3048"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4se8-jgv9-f3cb"}],"fixing_vulnerabilities":[],"risk_score":"0.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.4.10"}