[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-64720":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-20T11:17:00.701Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":108,"related":109,"reserved_at":9,"published_at":121,"modified_at":122,"state":123,"summary":124,"references_raw":132,"kevs":155,"epss":156,"epss_history":159,"metrics":437,"affected":445},"CVE-2025-64720","LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[24],{"_key":25,"name":26,"source":27,"url":28,"maturity":29,"reliability_score":30,"verified":31,"type":9,"platforms":32,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PNGGROUP_LIBPNG","Libpng","github","https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww","poc",0.3,false,[],[],[],[36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106],{"_key":37},"ALPINE-CVE-2025-64720",{"_key":39},"DEBIAN-CVE-2025-64720",{"_key":41},"DLA-4396-1",{"_key":43},"DSA-6076-1",{"_key":45},"SUSE-SU-2025:4533-1",{"_key":47},"USN-7924-1",{"_key":49},"OPENSUSE-SU-2025:15781-1",{"_key":51},"UBUNTU-CVE-2025-64720",{"_key":53},"SUSE-SU-2025:21217-1",{"_key":55},"SUSE-SU-2025:21220-1",{"_key":57},"SUSE-SU-2025:4436-1",{"_key":59},"SUSE-SU-2026:20030-1",{"_key":61},"SUSE-SU-2026:20073-1",{"_key":63},"SUSE-SU-2025:4494-1",{"_key":65},"OPENSUSE-SU-2026:20017-1",{"_key":67},"MGASA-2025-0314",{"_key":69},"MGASA-2026-0024",{"_key":71},"RHSA-2026:0125",{"_key":73},"RHSA-2026:0210",{"_key":75},"RHSA-2026:0211",{"_key":77},"RHSA-2026:0212",{"_key":79},"RHSA-2026:0216",{"_key":81},"RHSA-2026:0234",{"_key":83},"RHSA-2026:0237",{"_key":85},"RHSA-2026:0238",{"_key":87},"RHSA-2026:0241",{"_key":89},"RHSA-2026:0251",{"_key":91},"RHSA-2026:0313",{"_key":93},"RHSA-2026:0321",{"_key":95},"RHSA-2026:0322",{"_key":97},"RHSA-2026:0323",{"_key":99},"RHSA-2026:0847",{"_key":101},"RHSA-2026:0927",{"_key":103},"RHSA-2026:0928",{"_key":105},"RHSA-2026:0932",{"_key":107},"RHSA-2026:0933",[],[110,111,112,113,114,115,116,117,118,119,120],{"_key":45},{"_key":49},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},"2025-11-24T23:45:38.315Z","2025-11-25T19:28:20.336Z","Analyzed",{"cisa_kev":31,"cisa_ransomware":31,"cisa_vendor":9,"epss_severity":125,"epss_score":126,"severity":127,"severity_score":128,"severity_version":129,"severity_source":130,"severity_vector":131,"severity_status":123},"low",0.00101,"high",7.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",[133,140,146,151],{"url":28,"sources":134,"tags":136},[130,135],"nvd",[137,138,139],"X Refsource CONFIRM","Exploit","Vendor Advisory",{"url":141,"sources":142,"tags":143},"https://github.com/pnggroup/libpng/issues/686",[130,135],[144,138,145],"X Refsource MISC","Issue Tracking",{"url":147,"sources":148,"tags":149},"https://github.com/pnggroup/libpng/pull/751",[130,135],[144,145,150],"Patch",{"url":152,"sources":153,"tags":154},"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",[130,135],[144,150],[],{"date":157,"score":126,"percentile":158},"2026-04-19",0.27769,[160,164,167,171,174,177,180,183,186,189,192,195,198,201,204,207,210,213,216,219,222,225,228,231,235,238,241,244,247,250,253,256,260,263,266,269,272,275,278,281,284,287,291,294,297,300,303,306,309,312,315,318,321,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,371,374,377,380,383,386,389,392,395,398,401,404,407,410,413,416,419,422,425,428,431,434],{"date":161,"score":162,"percentile":163},"2025-11-25",0.00033,0.0895,{"date":165,"score":162,"percentile":166},"2025-11-26",0.08957,{"date":168,"score":169,"percentile":170},"2025-11-27",0.00037,0.10318,{"date":172,"score":169,"percentile":173},"2025-11-28",0.10309,{"date":175,"score":169,"percentile":176},"2025-11-29",0.10304,{"date":178,"score":162,"percentile":179},"2025-11-30",0.09055,{"date":181,"score":162,"percentile":182},"2025-12-01",0.09099,{"date":184,"score":162,"percentile":185},"2025-12-02",0.09113,{"date":187,"score":162,"percentile":188},"2025-12-03",0.09142,{"date":190,"score":162,"percentile":191},"2025-12-04",0.09137,{"date":193,"score":162,"percentile":194},"2025-12-05",0.09191,{"date":196,"score":162,"percentile":197},"2025-12-06",0.09206,{"date":199,"score":162,"percentile":200},"2025-12-07",0.09212,{"date":202,"score":162,"percentile":203},"2025-12-08",0.09217,{"date":205,"score":162,"percentile":206},"2025-12-09",0.09277,{"date":208,"score":162,"percentile":209},"2025-12-10",0.09356,{"date":211,"score":162,"percentile":212},"2025-12-11",0.09395,{"date":214,"score":162,"percentile":215},"2025-12-12",0.09421,{"date":217,"score":162,"percentile":218},"2025-12-13",0.09405,{"date":220,"score":162,"percentile":221},"2025-12-14",0.09397,{"date":223,"score":162,"percentile":224},"2025-12-15",0.09311,{"date":226,"score":162,"percentile":227},"2025-12-16",0.09296,{"date":229,"score":162,"percentile":230},"2025-12-17",0.09382,{"date":232,"score":233,"percentile":234},"2025-12-18",0.0005,0.15724,{"date":236,"score":233,"percentile":237},"2025-12-19",0.15771,{"date":239,"score":233,"percentile":240},"2025-12-20",0.15747,{"date":242,"score":233,"percentile":243},"2025-12-21",0.15712,{"date":245,"score":233,"percentile":246},"2025-12-22",0.1566,{"date":248,"score":233,"percentile":249},"2025-12-23",0.1565,{"date":251,"score":233,"percentile":252},"2025-12-24",0.15659,{"date":254,"score":233,"percentile":255},"2025-12-25",0.15735,{"date":257,"score":258,"percentile":259},"2025-12-26",0.00054,0.17284,{"date":261,"score":258,"percentile":262},"2025-12-27",0.1728,{"date":264,"score":258,"percentile":265},"2025-12-28",0.17239,{"date":267,"score":258,"percentile":268},"2025-12-29",0.17206,{"date":270,"score":258,"percentile":271},"2025-12-30",0.1722,{"date":273,"score":258,"percentile":274},"2025-12-31",0.17292,{"date":276,"score":258,"percentile":277},"2026-01-01",0.17388,{"date":279,"score":258,"percentile":280},"2026-01-02",0.17376,{"date":282,"score":258,"percentile":283},"2026-01-03",0.17359,{"date":285,"score":258,"percentile":286},"2026-01-04",0.17257,{"date":288,"score":289,"percentile":290},"2026-01-05",0.00074,0.22646,{"date":292,"score":289,"percentile":293},"2026-01-06",0.22655,{"date":295,"score":289,"percentile":296},"2026-01-07",0.22691,{"date":298,"score":289,"percentile":299},"2026-01-08",0.22748,{"date":301,"score":289,"percentile":302},"2026-01-09",0.22744,{"date":304,"score":289,"percentile":305},"2026-01-10",0.22732,{"date":307,"score":289,"percentile":308},"2026-01-11",0.22701,{"date":310,"score":289,"percentile":311},"2026-01-12",0.22664,{"date":313,"score":289,"percentile":314},"2026-01-13",0.22641,{"date":316,"score":289,"percentile":317},"2026-01-14",0.22702,{"date":319,"score":289,"percentile":320},"2026-01-15",0.22699,{"date":322,"score":323,"percentile":324},"2026-01-16",0.00062,0.19583,{"date":326,"score":323,"percentile":327},"2026-01-17",0.19596,{"date":329,"score":323,"percentile":330},"2026-01-18",0.19547,{"date":332,"score":323,"percentile":333},"2026-01-19",0.19498,{"date":335,"score":323,"percentile":336},"2026-01-20",0.19483,{"date":338,"score":323,"percentile":339},"2026-01-21",0.1945,{"date":341,"score":323,"percentile":342},"2026-01-22",0.19391,{"date":344,"score":323,"percentile":345},"2026-01-23",0.19491,{"date":347,"score":323,"percentile":348},"2026-01-24",0.19516,{"date":350,"score":323,"percentile":351},"2026-01-25",0.19443,{"date":353,"score":323,"percentile":354},"2026-01-26",0.19343,{"date":356,"score":323,"percentile":357},"2026-01-27",0.19335,{"date":359,"score":323,"percentile":360},"2026-01-28",0.19333,{"date":362,"score":323,"percentile":363},"2026-01-29",0.19305,{"date":365,"score":323,"percentile":366},"2026-01-30",0.19315,{"date":368,"score":369,"percentile":370},"2026-01-31",0.00071,0.2179,{"date":372,"score":369,"percentile":373},"2026-02-01",0.21831,{"date":375,"score":369,"percentile":376},"2026-02-02",0.21777,{"date":378,"score":369,"percentile":379},"2026-02-03",0.21753,{"date":381,"score":369,"percentile":382},"2026-02-04",0.21711,{"date":384,"score":369,"percentile":385},"2026-02-05",0.21751,{"date":387,"score":369,"percentile":388},"2026-02-06",0.21772,{"date":390,"score":369,"percentile":391},"2026-02-07",0.21784,{"date":393,"score":369,"percentile":394},"2026-02-08",0.2175,{"date":396,"score":369,"percentile":397},"2026-02-09",0.21706,{"date":399,"score":369,"percentile":400},"2026-02-10",0.21646,{"date":402,"score":369,"percentile":403},"2026-02-11",0.21633,{"date":405,"score":369,"percentile":406},"2026-02-12",0.21663,{"date":408,"score":369,"percentile":409},"2026-02-13",0.2165,{"date":411,"score":369,"percentile":412},"2026-02-14",0.21625,{"date":414,"score":369,"percentile":415},"2026-02-15",0.21595,{"date":417,"score":369,"percentile":418},"2026-02-16",0.21564,{"date":420,"score":369,"percentile":421},"2026-02-17",0.21532,{"date":423,"score":369,"percentile":424},"2026-02-18",0.21614,{"date":426,"score":369,"percentile":427},"2026-02-19",0.2166,{"date":429,"score":369,"percentile":430},"2026-02-20",0.21678,{"date":432,"score":369,"percentile":433},"2026-02-21",0.21725,{"date":435,"score":369,"percentile":436},"2026-02-22",0.2171,[438,443],{"source":130,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":439,"cvss_v4_0":9},{"baseScore":128,"baseSeverity":440,"vectorString":131,"impactScore":441,"exploitabilityScore":442},"HIGH",7,7.2,{"source":135,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":444,"cvss_v4_0":9},{"baseScore":128,"baseSeverity":440,"vectorString":131,"impactScore":441,"exploitabilityScore":442},[446,458],{"ecosystem":9,"name":447,"vendor":447,"product":447,"cpe_part":448,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":449},"libpng","a",[450],{"version":451,"is_range":452,"range_type":453,"version_start":454,"version_start_type":455,"version_end":456,"version_end_type":457,"fixed_in":9},"gte1.6.0_lt1.6.51",true,"cpe","1.6.0","including","1.6.51","excluding",{"ecosystem":9,"name":447,"vendor":459,"product":447,"cpe_part":448,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"pnggroup",[461],{"version":462,"is_range":452,"range_type":130,"version_start":454,"version_start_type":455,"version_end":456,"version_end_type":457,"fixed_in":9},">= 1.6.0, \u003C 1.6.51"]