[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-64506":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-20T17:17:01.048Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":61,"related":62,"reserved_at":9,"published_at":73,"modified_at":74,"state":75,"summary":76,"references_raw":85,"kevs":104,"epss":105,"epss_history":108,"metrics":368,"affected":376},"CVE-2025-64506","LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59],{"_key":28},"ALPINE-CVE-2025-64506",{"_key":30},"DEBIAN-CVE-2025-64506",{"_key":32},"DLA-4396-1",{"_key":34},"DSA-6076-1",{"_key":36},"SUSE-SU-2025:4533-1",{"_key":38},"USN-7924-1",{"_key":40},"OPENSUSE-SU-2025:15781-1",{"_key":42},"UBUNTU-CVE-2025-64506",{"_key":44},"SUSE-SU-2025:21217-1",{"_key":46},"SUSE-SU-2025:21220-1",{"_key":48},"SUSE-SU-2025:4436-1",{"_key":50},"SUSE-SU-2026:20030-1",{"_key":52},"SUSE-SU-2026:20073-1",{"_key":54},"SUSE-SU-2025:4494-1",{"_key":56},"OPENSUSE-SU-2026:20017-1",{"_key":58},"MGASA-2025-0314",{"_key":60},"RHSA-2026:6732",[],[63,64,65,66,67,68,69,70,71,72],{"_key":36},{"_key":40},{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},"2025-11-24T23:41:09.207Z","2025-11-25T19:27:04.161Z","Analyzed",{"cisa_kev":77,"cisa_ransomware":77,"cisa_vendor":9,"epss_severity":78,"epss_score":79,"severity":80,"severity_score":81,"severity_version":82,"severity_source":83,"severity_vector":84,"severity_status":75},false,"low",0.00018,"medium",6.1,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",[86,93,99],{"url":87,"sources":88,"tags":90},"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6",[83,89],"nvd",[91,92],"X Refsource CONFIRM","Vendor Advisory",{"url":94,"sources":95,"tags":96},"https://github.com/pnggroup/libpng/pull/749",[83,89],[97,98],"X Refsource MISC","Issue Tracking",{"url":100,"sources":101,"tags":102},"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821",[83,89],[97,103],"Patch",[],{"date":106,"score":79,"percentile":107},"2026-04-20",0.04528,[109,113,116,120,123,126,129,132,135,138,141,144,147,149,152,155,158,161,163,166,168,171,174,176,179,182,185,187,190,193,195,198,202,204,207,210,213,216,219,222,225,228,231,234,237,240,243,246,248,251,254,256,259,263,266,269,272,275,278,281,283,286,288,290,292,294,297,300,303,306,309,312,315,318,321,324,327,330,332,335,338,341,344,347,350,353,356,359,362,365],{"date":110,"score":111,"percentile":112},"2025-11-25",0.00012,0.01223,{"date":114,"score":111,"percentile":115},"2025-11-26",0.01158,{"date":117,"score":118,"percentile":119},"2025-11-27",0.00011,0.0096,{"date":121,"score":118,"percentile":122},"2025-11-28",0.00967,{"date":124,"score":118,"percentile":125},"2025-11-29",0.00997,{"date":127,"score":111,"percentile":128},"2025-11-30",0.01229,{"date":130,"score":111,"percentile":131},"2025-12-01",0.01258,{"date":133,"score":111,"percentile":134},"2025-12-02",0.01253,{"date":136,"score":111,"percentile":137},"2025-12-03",0.01257,{"date":139,"score":111,"percentile":140},"2025-12-04",0.0123,{"date":142,"score":111,"percentile":143},"2025-12-05",0.01245,{"date":145,"score":111,"percentile":146},"2025-12-06",0.01247,{"date":148,"score":111,"percentile":143},"2025-12-07",{"date":150,"score":111,"percentile":151},"2025-12-08",0.01246,{"date":153,"score":111,"percentile":154},"2025-12-09",0.01259,{"date":156,"score":111,"percentile":157},"2025-12-10",0.01269,{"date":159,"score":111,"percentile":160},"2025-12-11",0.01261,{"date":162,"score":111,"percentile":160},"2025-12-12",{"date":164,"score":111,"percentile":165},"2025-12-13",0.01248,{"date":167,"score":111,"percentile":151},"2025-12-14",{"date":169,"score":111,"percentile":170},"2025-12-15",0.01244,{"date":172,"score":111,"percentile":173},"2025-12-16",0.01249,{"date":175,"score":111,"percentile":146},"2025-12-17",{"date":177,"score":79,"percentile":178},"2025-12-18",0.03673,{"date":180,"score":79,"percentile":181},"2025-12-19",0.03656,{"date":183,"score":79,"percentile":184},"2025-12-20",0.03654,{"date":186,"score":79,"percentile":178},"2025-12-21",{"date":188,"score":79,"percentile":189},"2025-12-22",0.03651,{"date":191,"score":79,"percentile":192},"2025-12-23",0.03661,{"date":194,"score":79,"percentile":181},"2025-12-24",{"date":196,"score":79,"percentile":197},"2025-12-25",0.0367,{"date":199,"score":200,"percentile":201},"2025-12-26",0.00019,0.04393,{"date":203,"score":200,"percentile":201},"2025-12-27",{"date":205,"score":200,"percentile":206},"2025-12-28",0.04394,{"date":208,"score":200,"percentile":209},"2025-12-29",0.04387,{"date":211,"score":200,"percentile":212},"2025-12-30",0.04325,{"date":214,"score":200,"percentile":215},"2025-12-31",0.04347,{"date":217,"score":200,"percentile":218},"2026-01-01",0.04428,{"date":220,"score":200,"percentile":221},"2026-01-02",0.04431,{"date":223,"score":200,"percentile":224},"2026-01-03",0.04417,{"date":226,"score":200,"percentile":227},"2026-01-04",0.04313,{"date":229,"score":200,"percentile":230},"2026-01-05",0.04268,{"date":232,"score":200,"percentile":233},"2026-01-06",0.04269,{"date":235,"score":200,"percentile":236},"2026-01-07",0.04289,{"date":238,"score":200,"percentile":239},"2026-01-08",0.04323,{"date":241,"score":200,"percentile":242},"2026-01-09",0.04326,{"date":244,"score":200,"percentile":245},"2026-01-10",0.04334,{"date":247,"score":200,"percentile":227},"2026-01-11",{"date":249,"score":200,"percentile":250},"2026-01-12",0.04311,{"date":252,"score":200,"percentile":253},"2026-01-13",0.04303,{"date":255,"score":200,"percentile":215},"2026-01-14",{"date":257,"score":200,"percentile":258},"2026-01-15",0.04264,{"date":260,"score":261,"percentile":262},"2026-01-16",0.00016,0.02798,{"date":264,"score":261,"percentile":265},"2026-01-17",0.028,{"date":267,"score":261,"percentile":268},"2026-01-18",0.02801,{"date":270,"score":261,"percentile":271},"2026-01-19",0.02795,{"date":273,"score":261,"percentile":274},"2026-01-20",0.02782,{"date":276,"score":261,"percentile":277},"2026-01-21",0.02776,{"date":279,"score":261,"percentile":280},"2026-01-22",0.02773,{"date":282,"score":261,"percentile":274},"2026-01-23",{"date":284,"score":261,"percentile":285},"2026-01-24",0.02803,{"date":287,"score":261,"percentile":265},"2026-01-25",{"date":289,"score":261,"percentile":271},"2026-01-26",{"date":291,"score":261,"percentile":271},"2026-01-27",{"date":293,"score":261,"percentile":262},"2026-01-28",{"date":295,"score":261,"percentile":296},"2026-01-29",0.02821,{"date":298,"score":261,"percentile":299},"2026-01-30",0.02827,{"date":301,"score":79,"percentile":302},"2026-01-31",0.03888,{"date":304,"score":79,"percentile":305},"2026-02-01",0.03994,{"date":307,"score":79,"percentile":308},"2026-02-02",0.0398,{"date":310,"score":79,"percentile":311},"2026-02-03",0.03974,{"date":313,"score":79,"percentile":314},"2026-02-04",0.03956,{"date":316,"score":79,"percentile":317},"2026-02-05",0.04008,{"date":319,"score":79,"percentile":320},"2026-02-06",0.04006,{"date":322,"score":79,"percentile":323},"2026-02-07",0.04027,{"date":325,"score":79,"percentile":326},"2026-02-08",0.04017,{"date":328,"score":79,"percentile":329},"2026-02-09",0.04001,{"date":331,"score":79,"percentile":305},"2026-02-10",{"date":333,"score":79,"percentile":334},"2026-02-11",0.04097,{"date":336,"score":79,"percentile":337},"2026-02-12",0.04164,{"date":339,"score":79,"percentile":340},"2026-02-13",0.04182,{"date":342,"score":79,"percentile":343},"2026-02-14",0.04217,{"date":345,"score":79,"percentile":346},"2026-02-15",0.04236,{"date":348,"score":79,"percentile":349},"2026-02-16",0.04231,{"date":351,"score":79,"percentile":352},"2026-02-17",0.04213,{"date":354,"score":79,"percentile":355},"2026-02-18",0.04481,{"date":357,"score":79,"percentile":358},"2026-02-19",0.04542,{"date":360,"score":79,"percentile":361},"2026-02-20",0.04501,{"date":363,"score":79,"percentile":364},"2026-02-21",0.04509,{"date":366,"score":79,"percentile":367},"2026-02-22",0.04506,[369,374],{"source":83,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":370,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":371,"vectorString":84,"impactScore":372,"exploitabilityScore":373},"MEDIUM",7,4.6,{"source":89,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":375,"cvss_v4_0":9},{"baseScore":81,"baseSeverity":371,"vectorString":84,"impactScore":372,"exploitabilityScore":373},[377,389],{"ecosystem":9,"name":378,"vendor":378,"product":378,"cpe_part":379,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":380},"libpng","a",[381],{"version":382,"is_range":383,"range_type":384,"version_start":385,"version_start_type":386,"version_end":387,"version_end_type":388,"fixed_in":9},"gte1.6.0_lt1.6.51",true,"cpe","1.6.0","including","1.6.51","excluding",{"ecosystem":9,"name":378,"vendor":390,"product":378,"cpe_part":379,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":391},"pnggroup",[392],{"version":393,"is_range":383,"range_type":83,"version_start":385,"version_start_type":386,"version_end":387,"version_end_type":388,"fixed_in":9},">= 1.6.0, \u003C 1.6.51"]