{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","type":"ebuild","namespace":"media-libs","name":"libpng","version":"1.2.49","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.2.52","latest_non_vulnerable_version":"1.6.51","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6702?format=json","vulnerability_id":"VCID-9dg2-qygx-vbah","summary":"NULL Pointer Dereference\nThe png_err function in pngerror.c in libpng  makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2691.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2691","reference_id":"","reference_type":"","scores":[{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91874","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91882","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.9189","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91897","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91909","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91915","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91917","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91932","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91929","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91926","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91931","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.9193","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07693","scoring_system":"epss","scoring_elements":"0.91938","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2691"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=720608","reference_id":"720608","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=720608"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2691","reference_id":"CVE-2011-2691","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2691"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2011-2691"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dg2-qygx-vbah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6730?format=json","vulnerability_id":"VCID-axvf-w4r8-xkhv","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe png_set_text_2 function in pngset.c in libpng  allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3048.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3048.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3048","reference_id":"","reference_type":"","scores":[{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94928","published_at":"2026-04-01T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94936","published_at":"2026-04-02T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94938","published_at":"2026-04-04T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.9494","published_at":"2026-04-07T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94949","published_at":"2026-04-08T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94952","published_at":"2026-04-09T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94959","published_at":"2026-04-12T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94962","published_at":"2026-04-13T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.9497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94974","published_at":"2026-04-18T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94978","published_at":"2026-04-29T12:55:00Z"},{"value":"0.16887","scoring_system":"epss","scoring_elements":"0.94986","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3048"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=808139","reference_id":"808139","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=808139"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3048","reference_id":"CVE-2011-3048","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3048"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0523","reference_id":"RHSA-2012:0523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0523"},{"reference_url":"https://usn.ubuntu.com/1417-1/","reference_id":"USN-1417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1417-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2011-3048"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axvf-w4r8-xkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6703?format=json","vulnerability_id":"VCID-kf5b-ush9-mkd1","summary":"Out-of-bounds Read\nThe png_format_buffer function in pngerror.c in libpng  allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2501.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2501.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2501","reference_id":"","reference_type":"","scores":[{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84495","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84511","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84532","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84535","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84557","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84563","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84582","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84573","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84593","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84595","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84621","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.8463","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84632","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02245","scoring_system":"epss","scoring_elements":"0.84647","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=717084","reference_id":"717084","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=717084"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2501","reference_id":"CVE-2011-2501","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2501"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1105","reference_id":"RHSA-2011:1105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1105"},{"reference_url":"https://usn.ubuntu.com/1175-1/","reference_id":"USN-1175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2011-2501"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kf5b-ush9-mkd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34130?format=json","vulnerability_id":"VCID-kqq3-drz4-4bef","summary":"Multiple vulnerabilities in libpng might allow remote attackers to\n    execute arbitrary code or cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3026.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3026","reference_id":"","reference_type":"","scores":[{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97472","published_at":"2026-04-01T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97479","published_at":"2026-04-02T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97483","published_at":"2026-04-07T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97489","published_at":"2026-04-08T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.9749","published_at":"2026-04-09T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97493","published_at":"2026-04-11T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97495","published_at":"2026-04-12T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97496","published_at":"2026-04-13T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97504","published_at":"2026-04-16T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97506","published_at":"2026-04-24T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.97507","published_at":"2026-04-26T12:55:00Z"},{"value":"0.43166","scoring_system":"epss","scoring_elements":"0.9751","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3026"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=790737","reference_id":"790737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=790737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026","reference_id":"CVE-2011-3026","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11","reference_id":"mfsa2012-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0140","reference_id":"RHSA-2012:0140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0141","reference_id":"RHSA-2012:0141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0142","reference_id":"RHSA-2012:0142","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0143","reference_id":"RHSA-2012:0143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0317","reference_id":"RHSA-2012:0317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0317"},{"reference_url":"https://usn.ubuntu.com/1367-1/","reference_id":"USN-1367-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-1/"},{"reference_url":"https://usn.ubuntu.com/1367-2/","reference_id":"USN-1367-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-2/"},{"reference_url":"https://usn.ubuntu.com/1367-3/","reference_id":"USN-1367-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-3/"},{"reference_url":"https://usn.ubuntu.com/1367-4/","reference_id":"USN-1367-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2011-3026"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqq3-drz4-4bef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6741?format=json","vulnerability_id":"VCID-p9pa-b6en-j3f6","summary":"Stack-based buffer overflow\nOff-by-one error in the png_formatted_warning function in pngerror.c in libpng might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3464.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3464","reference_id":"","reference_type":"","scores":[{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83068","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83084","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83098","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83121","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83128","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83145","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83139","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83134","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83172","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83175","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83198","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83205","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83212","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01879","scoring_system":"epss","scoring_elements":"0.83238","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3464"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=843179","reference_id":"843179","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=843179"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3464","reference_id":"CVE-2011-3464","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3464"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2011-3464"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9pa-b6en-j3f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6704?format=json","vulnerability_id":"VCID-qpn2-bwsx-1kcg","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\nBuffer overflow in libpng , when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2690.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2690","reference_id":"","reference_type":"","scores":[{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.7933","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.7936","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79346","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79373","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79405","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79389","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79378","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.7941","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79408","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79412","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79444","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79449","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.79464","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01256","scoring_system":"epss","scoring_elements":"0.7948","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=720607","reference_id":"720607","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=720607"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2690","reference_id":"CVE-2011-2690","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2690"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1104","reference_id":"RHSA-2011:1104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1105","reference_id":"RHSA-2011:1105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1105"},{"reference_url":"https://usn.ubuntu.com/1175-1/","reference_id":"USN-1175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2011-2690"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpn2-bwsx-1kcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6701?format=json","vulnerability_id":"VCID-uddn-ka9m-wycz","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe png_handle_sCAL function in pngrutil.c in libpng  does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2692.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-2692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2692","reference_id":"","reference_type":"","scores":[{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91735","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91744","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91749","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91769","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91776","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91779","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91777","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91797","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.9179","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91791","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91798","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91794","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07473","scoring_system":"epss","scoring_elements":"0.91807","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2692"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=720612","reference_id":"720612","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=720612"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2692","reference_id":"CVE-2011-2692","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2692"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1103","reference_id":"RHSA-2011:1103","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1103"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1104","reference_id":"RHSA-2011:1104","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1104"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1105","reference_id":"RHSA-2011:1105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1105"},{"reference_url":"https://usn.ubuntu.com/1175-1/","reference_id":"USN-1175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2011-2692"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uddn-ka9m-wycz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6721?format=json","vulnerability_id":"VCID-wv1g-n5xx-7ycn","summary":"Integer Overflow or Wraparound\nInteger signedness error in the png_inflate function in pngrutil.c in libpng beta01, as used in Google Chrome and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3045.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3045.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3045","reference_id":"","reference_type":"","scores":[{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89074","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89057","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89055","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89079","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89031","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89114","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.8912","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89125","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89133","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.8904","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89095","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89087","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89085","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04462","scoring_system":"epss","scoring_elements":"0.89099","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3045"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html","reference_id":"075424.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html","reference_id":"075619.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html","reference_id":"075981.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html","reference_id":"075987.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html","reference_id":"076461.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html","reference_id":"076731.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html"},{"reference_url":"http://secunia.com/advisories/48320","reference_id":"48320","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://secunia.com/advisories/48320"},{"reference_url":"http://secunia.com/advisories/48485","reference_id":"48485","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://secunia.com/advisories/48485"},{"reference_url":"http://secunia.com/advisories/48512","reference_id":"48512","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://secunia.com/advisories/48512"},{"reference_url":"http://secunia.com/advisories/48554","reference_id":"48554","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://secunia.com/advisories/48554"},{"reference_url":"http://secunia.com/advisories/49660","reference_id":"49660","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://secunia.com/advisories/49660"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=799000","reference_id":"799000","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=799000"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:033","reference_id":"advisories?name=MDVSA-2012:033","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:033"},{"reference_url":"http://src.chromium.org/viewvc/chrome?view=rev&revision=125311","reference_id":"chrome?view=rev&revision=125311","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://src.chromium.org/viewvc/chrome?view=rev&revision=125311"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3045","reference_id":"CVE-2011-3045","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3045"},{"reference_url":"http://code.google.com/p/chromium/issues/detail?id=116162","reference_id":"detail?id=116162","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://code.google.com/p/chromium/issues/detail?id=116162"},{"reference_url":"http://www.debian.org/security/2012/dsa-2439","reference_id":"dsa-2439","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://www.debian.org/security/2012/dsa-2439"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201206-15.xml","reference_id":"glsa-201206-15.xml","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://security.gentoo.org/glsa/glsa-201206-15.xml"},{"reference_url":"http://www.securitytracker.com/id?1026823","reference_id":"id?1026823","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://www.securitytracker.com/id?1026823"},{"reference_url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b","reference_id":"libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html","reference_id":"msg00051.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763","reference_id":"oval%3Aorg.mitre.oval%3Adef%3A14763","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0407","reference_id":"RHSA-2012:0407","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0407"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0407.html","reference_id":"RHSA-2012-0407.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0407.html"},{"reference_url":"http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html","reference_id":"stable-channel-update_21.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-09T15:35:38Z/"}],"url":"http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html"},{"reference_url":"https://usn.ubuntu.com/1402-1/","reference_id":"USN-1402-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1402-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2011-3045"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv1g-n5xx-7ycn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34128?format=json","vulnerability_id":"VCID-zjm2-7z5h-fffa","summary":"Multiple vulnerabilities in libpng might allow remote attackers to\n    execute arbitrary code or cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5063.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-5063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5063","reference_id":"","reference_type":"","scores":[{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64518","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64547","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64505","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.6457","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64585","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64573","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64545","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64578","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.6459","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64575","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64595","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64608","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64607","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00469","scoring_system":"epss","scoring_elements":"0.64583","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-5063"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=690200","reference_id":"690200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=690200"},{"reference_url":"https://security.gentoo.org/glsa/201206-15","reference_id":"GLSA-201206-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-15"},{"reference_url":"https://usn.ubuntu.com/1367-1/","reference_id":"USN-1367-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1367-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73621?format=json","purl":"pkg:ebuild/media-libs/libpng@1.2.49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"},{"url":"http://public2.vulnerablecode.io/api/packages/73622?format=json","purl":"pkg:ebuild/media-libs/libpng@1.5.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.5.10"}],"aliases":["CVE-2009-5063"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjm2-7z5h-fffa"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libpng@1.2.49"}