[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-65018":6},{"stargazers_count":4,"fetched_at":5},5,"2026-04-20T17:17:01.048Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":30,"aliases":40,"duplicate_of":9,"upstream":41,"downstream":42,"duplicates":115,"related":116,"reserved_at":9,"published_at":128,"modified_at":129,"state":130,"summary":131,"references_raw":139,"kevs":167,"epss":168,"epss_history":171,"metrics":447,"affected":455},"CVE-2025-65018","LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.",null,[11,24],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-122","Heap-based Buffer Overflow","A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().","weakness","Draft","Variant","High",[20],{"id":21,"name":22,"techniques":23},"CAPEC-92","Forced Integer Overflow",[],{"_key":25,"id":25,"name":26,"description":27,"type":15,"status":16,"abstraction":28,"likelihood_of_exploit":18,"capec":29},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","Base",[],[31],{"_key":32,"name":33,"source":34,"url":35,"maturity":36,"reliability_score":37,"verified":38,"type":9,"platforms":39,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PNGGROUP_LIBPNG","Libpng","github","https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww","poc",0.3,false,[],[],[],[43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113],{"_key":44},"ALPINE-CVE-2025-65018",{"_key":46},"DEBIAN-CVE-2025-65018",{"_key":48},"DLA-4396-1",{"_key":50},"DSA-6076-1",{"_key":52},"SUSE-SU-2025:4533-1",{"_key":54},"USN-7924-1",{"_key":56},"OPENSUSE-SU-2025:15781-1",{"_key":58},"UBUNTU-CVE-2025-65018",{"_key":60},"SUSE-SU-2025:21217-1",{"_key":62},"SUSE-SU-2025:21220-1",{"_key":64},"SUSE-SU-2025:4436-1",{"_key":66},"SUSE-SU-2026:20030-1",{"_key":68},"SUSE-SU-2026:20073-1",{"_key":70},"SUSE-SU-2025:4494-1",{"_key":72},"OPENSUSE-SU-2026:20017-1",{"_key":74},"MGASA-2025-0314",{"_key":76},"MGASA-2026-0024",{"_key":78},"RHSA-2026:0125",{"_key":80},"RHSA-2026:0210",{"_key":82},"RHSA-2026:0211",{"_key":84},"RHSA-2026:0212",{"_key":86},"RHSA-2026:0216",{"_key":88},"RHSA-2026:0234",{"_key":90},"RHSA-2026:0237",{"_key":92},"RHSA-2026:0238",{"_key":94},"RHSA-2026:0241",{"_key":96},"RHSA-2026:0313",{"_key":98},"RHSA-2026:0321",{"_key":100},"RHSA-2026:0322",{"_key":102},"RHSA-2026:0323",{"_key":104},"RHSA-2026:0847",{"_key":106},"RHSA-2026:0927",{"_key":108},"RHSA-2026:0928",{"_key":110},"RHSA-2026:0932",{"_key":112},"RHSA-2026:0933",{"_key":114},"RHSA-2026:6732",[],[117,118,119,120,121,122,123,124,125,126,127],{"_key":52},{"_key":56},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},"2025-11-24T23:50:18.294Z","2025-11-25T19:29:33.633Z","Analyzed",{"cisa_kev":38,"cisa_ransomware":38,"cisa_vendor":9,"epss_severity":132,"epss_score":133,"severity":134,"severity_score":135,"severity_version":136,"severity_source":137,"severity_vector":138,"severity_status":130},"low",0.00068,"high",7.1,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",[140,148,154,158,163],{"url":141,"sources":142,"tags":144},"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",[137,143],"nvd",[145,146,147],"X Refsource CONFIRM","Exploit","Vendor Advisory",{"url":149,"sources":150,"tags":151},"https://github.com/pnggroup/libpng/issues/755",[137,143],[152,146,153],"X Refsource MISC","Issue Tracking",{"url":155,"sources":156,"tags":157},"https://github.com/pnggroup/libpng/pull/757",[137,143],[152,153],{"url":159,"sources":160,"tags":161},"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",[137,143],[152,162],"Patch",{"url":164,"sources":165,"tags":166},"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",[137,143],[152,162],[],{"date":169,"score":133,"percentile":170},"2026-04-20",0.2087,[172,176,179,183,186,189,193,196,199,202,205,208,211,214,217,220,223,226,229,232,234,237,240,243,247,250,253,256,259,262,265,268,272,275,278,281,284,287,290,293,295,298,302,305,308,311,314,317,320,323,326,329,332,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,382,385,388,391,394,397,399,402,405,408,411,414,417,420,423,426,429,432,435,438,441,444],{"date":173,"score":174,"percentile":175},"2025-11-25",0.00012,0.01239,{"date":177,"score":174,"percentile":178},"2025-11-26",0.01176,{"date":180,"score":181,"percentile":182},"2025-11-27",0.00019,0.04056,{"date":184,"score":181,"percentile":185},"2025-11-28",0.04049,{"date":187,"score":181,"percentile":188},"2025-11-29",0.04099,{"date":190,"score":191,"percentile":192},"2025-11-30",0.00018,0.03508,{"date":194,"score":191,"percentile":195},"2025-12-01",0.03602,{"date":197,"score":191,"percentile":198},"2025-12-02",0.03614,{"date":200,"score":191,"percentile":201},"2025-12-03",0.03625,{"date":203,"score":191,"percentile":204},"2025-12-04",0.03564,{"date":206,"score":191,"percentile":207},"2025-12-05",0.03615,{"date":209,"score":191,"percentile":210},"2025-12-06",0.0363,{"date":212,"score":191,"percentile":213},"2025-12-07",0.03632,{"date":215,"score":191,"percentile":216},"2025-12-08",0.03634,{"date":218,"score":191,"percentile":219},"2025-12-09",0.03671,{"date":221,"score":191,"percentile":222},"2025-12-10",0.03708,{"date":224,"score":191,"percentile":225},"2025-12-11",0.03695,{"date":227,"score":191,"percentile":228},"2025-12-12",0.03712,{"date":230,"score":191,"percentile":231},"2025-12-13",0.03717,{"date":233,"score":191,"percentile":228},"2025-12-14",{"date":235,"score":191,"percentile":236},"2025-12-15",0.03684,{"date":238,"score":191,"percentile":239},"2025-12-16",0.03701,{"date":241,"score":191,"percentile":242},"2025-12-17",0.03731,{"date":244,"score":245,"percentile":246},"2025-12-18",0.00027,0.07127,{"date":248,"score":245,"percentile":249},"2025-12-19",0.07123,{"date":251,"score":245,"percentile":252},"2025-12-20",0.07115,{"date":254,"score":245,"percentile":255},"2025-12-21",0.07103,{"date":257,"score":245,"percentile":258},"2025-12-22",0.07059,{"date":260,"score":245,"percentile":261},"2025-12-23",0.07056,{"date":263,"score":245,"percentile":264},"2025-12-24",0.07079,{"date":266,"score":245,"percentile":267},"2025-12-25",0.07147,{"date":269,"score":270,"percentile":271},"2025-12-26",0.0003,0.08078,{"date":273,"score":270,"percentile":274},"2025-12-27",0.08077,{"date":276,"score":270,"percentile":277},"2025-12-28",0.08079,{"date":279,"score":270,"percentile":280},"2025-12-29",0.08062,{"date":282,"score":270,"percentile":283},"2025-12-30",0.08036,{"date":285,"score":270,"percentile":286},"2025-12-31",0.08067,{"date":288,"score":270,"percentile":289},"2026-01-01",0.08131,{"date":291,"score":270,"percentile":292},"2026-01-02",0.08133,{"date":294,"score":270,"percentile":292},"2026-01-03",{"date":296,"score":270,"percentile":297},"2026-01-04",0.08068,{"date":299,"score":300,"percentile":301},"2026-01-05",0.0004,0.1208,{"date":303,"score":300,"percentile":304},"2026-01-06",0.12096,{"date":306,"score":300,"percentile":307},"2026-01-07",0.12131,{"date":309,"score":300,"percentile":310},"2026-01-08",0.12175,{"date":312,"score":300,"percentile":313},"2026-01-09",0.12197,{"date":315,"score":300,"percentile":316},"2026-01-10",0.12223,{"date":318,"score":300,"percentile":319},"2026-01-11",0.12195,{"date":321,"score":300,"percentile":322},"2026-01-12",0.12165,{"date":324,"score":300,"percentile":325},"2026-01-13",0.1214,{"date":327,"score":300,"percentile":328},"2026-01-14",0.12201,{"date":330,"score":300,"percentile":331},"2026-01-15",0.12203,{"date":333,"score":334,"percentile":335},"2026-01-16",0.00034,0.09565,{"date":337,"score":334,"percentile":338},"2026-01-17",0.09571,{"date":340,"score":334,"percentile":341},"2026-01-18",0.0954,{"date":343,"score":334,"percentile":344},"2026-01-19",0.09497,{"date":346,"score":334,"percentile":347},"2026-01-20",0.09471,{"date":349,"score":334,"percentile":350},"2026-01-21",0.09438,{"date":352,"score":334,"percentile":353},"2026-01-22",0.09425,{"date":355,"score":334,"percentile":356},"2026-01-23",0.09515,{"date":358,"score":334,"percentile":359},"2026-01-24",0.09572,{"date":361,"score":334,"percentile":362},"2026-01-25",0.09493,{"date":364,"score":334,"percentile":365},"2026-01-26",0.09453,{"date":367,"score":334,"percentile":368},"2026-01-27",0.09437,{"date":370,"score":334,"percentile":371},"2026-01-28",0.09421,{"date":373,"score":334,"percentile":374},"2026-01-29",0.09408,{"date":376,"score":334,"percentile":377},"2026-01-30",0.09418,{"date":379,"score":380,"percentile":381},"2026-01-31",0.00039,0.11513,{"date":383,"score":380,"percentile":384},"2026-02-01",0.11518,{"date":386,"score":380,"percentile":387},"2026-02-02",0.11476,{"date":389,"score":380,"percentile":390},"2026-02-03",0.11443,{"date":392,"score":380,"percentile":393},"2026-02-04",0.1144,{"date":395,"score":380,"percentile":396},"2026-02-05",0.11496,{"date":398,"score":380,"percentile":396},"2026-02-06",{"date":400,"score":380,"percentile":401},"2026-02-07",0.11515,{"date":403,"score":380,"percentile":404},"2026-02-08",0.115,{"date":406,"score":380,"percentile":407},"2026-02-09",0.11468,{"date":409,"score":380,"percentile":410},"2026-02-10",0.11419,{"date":412,"score":380,"percentile":413},"2026-02-11",0.11471,{"date":415,"score":380,"percentile":416},"2026-02-12",0.11494,{"date":418,"score":380,"percentile":419},"2026-02-13",0.11497,{"date":421,"score":380,"percentile":422},"2026-02-14",0.11484,{"date":424,"score":380,"percentile":425},"2026-02-15",0.11475,{"date":427,"score":380,"percentile":428},"2026-02-16",0.11422,{"date":430,"score":380,"percentile":431},"2026-02-17",0.11403,{"date":433,"score":380,"percentile":434},"2026-02-18",0.11677,{"date":436,"score":380,"percentile":437},"2026-02-19",0.1175,{"date":439,"score":380,"percentile":440},"2026-02-20",0.11738,{"date":442,"score":380,"percentile":443},"2026-02-21",0.11768,{"date":445,"score":380,"percentile":446},"2026-02-22",0.11764,[448,453],{"source":137,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":449,"cvss_v4_0":9},{"baseScore":135,"baseSeverity":450,"vectorString":138,"impactScore":451,"exploitabilityScore":452},"HIGH",8.7,4.6,{"source":143,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":454,"cvss_v4_0":9},{"baseScore":135,"baseSeverity":450,"vectorString":138,"impactScore":451,"exploitabilityScore":452},[456,468],{"ecosystem":9,"name":457,"vendor":457,"product":457,"cpe_part":458,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"libpng","a",[460],{"version":461,"is_range":462,"range_type":463,"version_start":464,"version_start_type":465,"version_end":466,"version_end_type":467,"fixed_in":9},"gte1.6.0_lt1.6.51",true,"cpe","1.6.0","including","1.6.51","excluding",{"ecosystem":9,"name":457,"vendor":469,"product":457,"cpe_part":458,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":470},"pnggroup",[471],{"version":472,"is_range":462,"range_type":137,"version_start":464,"version_start_type":465,"version_end":466,"version_end_type":467,"fixed_in":9},">= 1.6.0, \u003C 1.6.51"]