[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-64505":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-20T17:17:01.048Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":71,"related":72,"reserved_at":9,"published_at":87,"modified_at":88,"state":89,"summary":90,"references_raw":99,"kevs":118,"epss":119,"epss_history":122,"metrics":382,"affected":390},"CVE-2025-64505","LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69],{"_key":28},"ALPINE-CVE-2025-64505",{"_key":30},"DEBIAN-CVE-2025-64505",{"_key":32},"DLA-4396-1",{"_key":34},"DSA-6076-1",{"_key":36},"SUSE-SU-2025:4383-1",{"_key":38},"SUSE-SU-2025:4533-1",{"_key":40},"USN-7924-1",{"_key":42},"OPENSUSE-SU-2025:15781-1",{"_key":44},"OPENSUSE-SU-2025:15797-1",{"_key":46},"SUSE-SU-2026:0898-1",{"_key":48},"UBUNTU-CVE-2025-64505",{"_key":50},"USN-8081-1",{"_key":52},"SUSE-SU-2025:21217-1",{"_key":54},"SUSE-SU-2025:21220-1",{"_key":56},"SUSE-SU-2025:4436-1",{"_key":58},"SUSE-SU-2026:20030-1",{"_key":60},"SUSE-SU-2026:20073-1",{"_key":62},"SUSE-SU-2025:4432-1",{"_key":64},"SUSE-SU-2025:4494-1",{"_key":66},"OPENSUSE-SU-2026:20017-1",{"_key":68},"MGASA-2025-0314",{"_key":70},"RHSA-2026:6732",[],[73,74,75,76,77,78,79,80,81,82,83,84,85,86],{"_key":36},{"_key":38},{"_key":42},{"_key":44},{"_key":46},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},"2025-11-24T23:38:40.405Z","2025-11-25T18:55:50.619Z","Analyzed",{"cisa_kev":91,"cisa_ransomware":91,"cisa_vendor":9,"epss_severity":92,"epss_score":93,"severity":94,"severity_score":95,"severity_version":96,"severity_source":97,"severity_vector":98,"severity_status":89},false,"low",0.00012,"medium",6.1,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",[100,107,113],{"url":101,"sources":102,"tags":104},"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42",[97,103],"nvd",[105,106],"X Refsource CONFIRM","Vendor Advisory",{"url":108,"sources":109,"tags":110},"https://github.com/pnggroup/libpng/pull/748",[97,103],[111,112],"X Refsource MISC","Issue Tracking",{"url":114,"sources":115,"tags":116},"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37",[97,103],[111,117],"Patch",[],{"date":120,"score":93,"percentile":121},"2026-04-20",0.01597,[123,126,129,133,136,139,142,145,148,151,154,157,160,162,165,168,171,174,176,179,181,184,187,189,193,196,199,201,204,207,209,212,216,218,221,224,227,230,233,236,239,242,245,248,251,254,257,260,262,265,268,270,273,277,280,283,286,289,292,295,297,300,302,304,306,308,311,314,317,320,323,326,329,332,335,338,341,344,346,349,352,355,358,361,364,367,370,373,376,379],{"date":124,"score":93,"percentile":125},"2025-11-25",0.01223,{"date":127,"score":93,"percentile":128},"2025-11-26",0.01158,{"date":130,"score":131,"percentile":132},"2025-11-27",0.00011,0.0096,{"date":134,"score":131,"percentile":135},"2025-11-28",0.00967,{"date":137,"score":131,"percentile":138},"2025-11-29",0.00997,{"date":140,"score":93,"percentile":141},"2025-11-30",0.01229,{"date":143,"score":93,"percentile":144},"2025-12-01",0.01258,{"date":146,"score":93,"percentile":147},"2025-12-02",0.01253,{"date":149,"score":93,"percentile":150},"2025-12-03",0.01257,{"date":152,"score":93,"percentile":153},"2025-12-04",0.0123,{"date":155,"score":93,"percentile":156},"2025-12-05",0.01245,{"date":158,"score":93,"percentile":159},"2025-12-06",0.01247,{"date":161,"score":93,"percentile":156},"2025-12-07",{"date":163,"score":93,"percentile":164},"2025-12-08",0.01246,{"date":166,"score":93,"percentile":167},"2025-12-09",0.01259,{"date":169,"score":93,"percentile":170},"2025-12-10",0.01269,{"date":172,"score":93,"percentile":173},"2025-12-11",0.01261,{"date":175,"score":93,"percentile":173},"2025-12-12",{"date":177,"score":93,"percentile":178},"2025-12-13",0.01248,{"date":180,"score":93,"percentile":164},"2025-12-14",{"date":182,"score":93,"percentile":183},"2025-12-15",0.01244,{"date":185,"score":93,"percentile":186},"2025-12-16",0.01249,{"date":188,"score":93,"percentile":159},"2025-12-17",{"date":190,"score":191,"percentile":192},"2025-12-18",0.00018,0.03673,{"date":194,"score":191,"percentile":195},"2025-12-19",0.03656,{"date":197,"score":191,"percentile":198},"2025-12-20",0.03654,{"date":200,"score":191,"percentile":192},"2025-12-21",{"date":202,"score":191,"percentile":203},"2025-12-22",0.03651,{"date":205,"score":191,"percentile":206},"2025-12-23",0.03661,{"date":208,"score":191,"percentile":195},"2025-12-24",{"date":210,"score":191,"percentile":211},"2025-12-25",0.0367,{"date":213,"score":214,"percentile":215},"2025-12-26",0.00019,0.04393,{"date":217,"score":214,"percentile":215},"2025-12-27",{"date":219,"score":214,"percentile":220},"2025-12-28",0.04394,{"date":222,"score":214,"percentile":223},"2025-12-29",0.04387,{"date":225,"score":214,"percentile":226},"2025-12-30",0.04325,{"date":228,"score":214,"percentile":229},"2025-12-31",0.04347,{"date":231,"score":214,"percentile":232},"2026-01-01",0.04428,{"date":234,"score":214,"percentile":235},"2026-01-02",0.04431,{"date":237,"score":214,"percentile":238},"2026-01-03",0.04417,{"date":240,"score":214,"percentile":241},"2026-01-04",0.04313,{"date":243,"score":214,"percentile":244},"2026-01-05",0.04268,{"date":246,"score":214,"percentile":247},"2026-01-06",0.04269,{"date":249,"score":214,"percentile":250},"2026-01-07",0.04289,{"date":252,"score":214,"percentile":253},"2026-01-08",0.04323,{"date":255,"score":214,"percentile":256},"2026-01-09",0.04326,{"date":258,"score":214,"percentile":259},"2026-01-10",0.04334,{"date":261,"score":214,"percentile":241},"2026-01-11",{"date":263,"score":214,"percentile":264},"2026-01-12",0.04311,{"date":266,"score":214,"percentile":267},"2026-01-13",0.04303,{"date":269,"score":214,"percentile":229},"2026-01-14",{"date":271,"score":214,"percentile":272},"2026-01-15",0.04264,{"date":274,"score":275,"percentile":276},"2026-01-16",0.00016,0.02798,{"date":278,"score":275,"percentile":279},"2026-01-17",0.028,{"date":281,"score":275,"percentile":282},"2026-01-18",0.02801,{"date":284,"score":275,"percentile":285},"2026-01-19",0.02795,{"date":287,"score":275,"percentile":288},"2026-01-20",0.02782,{"date":290,"score":275,"percentile":291},"2026-01-21",0.02776,{"date":293,"score":275,"percentile":294},"2026-01-22",0.02773,{"date":296,"score":275,"percentile":288},"2026-01-23",{"date":298,"score":275,"percentile":299},"2026-01-24",0.02803,{"date":301,"score":275,"percentile":279},"2026-01-25",{"date":303,"score":275,"percentile":285},"2026-01-26",{"date":305,"score":275,"percentile":285},"2026-01-27",{"date":307,"score":275,"percentile":276},"2026-01-28",{"date":309,"score":275,"percentile":310},"2026-01-29",0.02821,{"date":312,"score":275,"percentile":313},"2026-01-30",0.02827,{"date":315,"score":191,"percentile":316},"2026-01-31",0.03888,{"date":318,"score":191,"percentile":319},"2026-02-01",0.03994,{"date":321,"score":191,"percentile":322},"2026-02-02",0.0398,{"date":324,"score":191,"percentile":325},"2026-02-03",0.03974,{"date":327,"score":191,"percentile":328},"2026-02-04",0.03956,{"date":330,"score":191,"percentile":331},"2026-02-05",0.04008,{"date":333,"score":191,"percentile":334},"2026-02-06",0.04006,{"date":336,"score":191,"percentile":337},"2026-02-07",0.04027,{"date":339,"score":191,"percentile":340},"2026-02-08",0.04017,{"date":342,"score":191,"percentile":343},"2026-02-09",0.04001,{"date":345,"score":191,"percentile":319},"2026-02-10",{"date":347,"score":191,"percentile":348},"2026-02-11",0.04097,{"date":350,"score":191,"percentile":351},"2026-02-12",0.04164,{"date":353,"score":191,"percentile":354},"2026-02-13",0.04182,{"date":356,"score":191,"percentile":357},"2026-02-14",0.04217,{"date":359,"score":191,"percentile":360},"2026-02-15",0.04236,{"date":362,"score":191,"percentile":363},"2026-02-16",0.04231,{"date":365,"score":191,"percentile":366},"2026-02-17",0.04213,{"date":368,"score":191,"percentile":369},"2026-02-18",0.04481,{"date":371,"score":191,"percentile":372},"2026-02-19",0.04542,{"date":374,"score":191,"percentile":375},"2026-02-20",0.04501,{"date":377,"score":191,"percentile":378},"2026-02-21",0.04509,{"date":380,"score":191,"percentile":381},"2026-02-22",0.04506,[383,388],{"source":97,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":384,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":385,"vectorString":98,"impactScore":386,"exploitabilityScore":387},"MEDIUM",7,4.6,{"source":103,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":389,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":385,"vectorString":98,"impactScore":386,"exploitabilityScore":387},[391,401],{"ecosystem":9,"name":392,"vendor":392,"product":392,"cpe_part":393,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":394},"libpng","a",[395],{"version":396,"is_range":397,"range_type":398,"version_start":9,"version_start_type":9,"version_end":399,"version_end_type":400,"fixed_in":9},"lt1.6.51",true,"cpe","1.6.51","excluding",{"ecosystem":9,"name":392,"vendor":402,"product":392,"cpe_part":393,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":403},"pnggroup",[404],{"version":405,"is_range":397,"range_type":97,"version_start":9,"version_start_type":9,"version_end":399,"version_end_type":400,"fixed_in":9},"\u003C 1.6.51"]