Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/6695?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6695?format=api", "vulnerability_id": "VCID-xpad-wqev-ryes", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\npngrtran.c in libpng allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.", "aliases": [ { "alias": "CVE-2011-0408" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20001?format=api", "purl": "pkg:nuget/libpng@1.6.18.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1h1a-mpgm-w3hf" }, { "vulnerability": "VCID-8g2j-rqsk-zqfh" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.6.18.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20000?format=api", "purl": "pkg:nuget/libpng@1.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9dg2-qygx-vbah" }, { "vulnerability": "VCID-ajs9-y6dt-5fhj" }, { "vulnerability": "VCID-axvf-w4r8-xkhv" }, { "vulnerability": "VCID-cu24-1rcd-93g3" }, { "vulnerability": "VCID-h89j-mr17-rua9" }, { "vulnerability": "VCID-hfvd-x3vm-fyfz" }, { "vulnerability": "VCID-kf5b-ush9-mkd1" }, { "vulnerability": "VCID-qpn2-bwsx-1kcg" }, { "vulnerability": "VCID-uddn-ka9m-wycz" }, { "vulnerability": "VCID-una1-4acn-s3dy" }, { "vulnerability": "VCID-xpad-wqev-ryes" }, { "vulnerability": "VCID-zetn-zwnv-u7gf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.5.0" } ], "references": [ { "reference_url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt" }, { "reference_url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt" }, { "reference_url": "http://osvdb.org/70417", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/70417" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0408.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90694", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90557", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90562", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90572", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.9058", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90592", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90598", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90607", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90601", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.9062", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90617", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90615", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90631", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90632", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90628", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90641", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.9066", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.90673", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.9067", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.05904", "scoring_system": "epss", "scoring_elements": "0.9068", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0408" }, { "reference_url": "http://secunia.com/advisories/42863", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/42863" }, { "reference_url": "http://securitytracker.com/id?1024955", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024955" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64637" }, { "reference_url": "http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement", "reference_id": "", "reference_type": "", "scores": [], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement" }, { "reference_url": "http://www.kb.cert.org/vuls/id/643140", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.kb.cert.org/vuls/id/643140" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0080", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0080" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=671502", "reference_id": "671502", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671502" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0408", "reference_id": "CVE-2011-0408", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0408" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 119, "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "description": "The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 190, "name": "Integer Overflow or Wraparound", "description": "The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control." } ], "exploits": [], "severity_range_score": "6.8 - 6.8", "exploitability": "0.5", "weighted_severity": "6.1", "risk_score": 3.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xpad-wqev-ryes" }