Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

Type deb

Namespace debian

Name libpng1.6

Version 1.6.39-2+deb12u1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.6.39-2+deb12u4

Latest_non_vulnerable_version 1.6.58-1

Affected_by_vulnerabilities

url VCID-uxj6-4181-rygt

vulnerability_id VCID-uxj6-4181-rygt

summary libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-28164

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03315
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03304
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04624
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04489
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04471
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0444
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04448
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04586
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04464
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04497
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04513
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04503
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-28164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2433398
reference_id	2433398
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2433398

reference_url

https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20

reference_id

506516f8c22178005b4379c8b2a7de20

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/

url

https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20

reference_url

https://github.com/pnggroup/libpng/issues/655

reference_id

655

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/

url

https://github.com/pnggroup/libpng/issues/655

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://usn.ubuntu.com/7993-1/
reference_id	USN-7993-1
reference_type
scores
url	https://usn.ubuntu.com/7993-1/

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4
purl	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4

aliases CVE-2025-28164

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxj6-4181-rygt

url VCID-uxqz-nx2v-6yc5

vulnerability_id VCID-uxqz-nx2v-6yc5

summary libpng: libpng: Denial of Service via buffer overflow in pngimage utility

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-28162

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03315
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03304
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04624
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04489
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04471
published_at	2026-04-13T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.0444
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04448
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04586
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04464
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04497
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04513
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04503
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-28162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2433407
reference_id	2433407
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2433407

reference_url

https://github.com/pnggroup/libpng/issues/656

reference_id

656

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/

url

https://github.com/pnggroup/libpng/issues/656

reference_url

https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60

reference_id

fbfdb9b5610c6b3db0d5dea045a07c60

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/

url

https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://usn.ubuntu.com/7993-1/
reference_id	USN-7993-1
reference_type
scores
url	https://usn.ubuntu.com/7993-1/

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4
purl	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4

aliases CVE-2025-28162

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxqz-nx2v-6yc5

url VCID-zmjn-418h-ebg8

vulnerability_id VCID-zmjn-418h-ebg8

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34757.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34757

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01728
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01717
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01718
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03491
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0348
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03624
published_at	2026-04-24T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03618
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34757

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34757

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051
reference_id	1133051
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133051

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2456918
reference_id	2456918
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2456918

reference_url

https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a

reference_id

398cbe3df03f4e11bb031e07f416dfdde3684e8a

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/

url

https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a

reference_url

https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc

reference_id

55d20aaa322c9274491cda82c5cd4f99b48c6bcc

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/

url

https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc

reference_url

https://github.com/pnggroup/libpng/issues/836

reference_id

836

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/

url

https://github.com/pnggroup/libpng/issues/836

reference_url

https://github.com/pnggroup/libpng/issues/837

reference_id

837

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/

url

https://github.com/pnggroup/libpng/issues/837

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645

reference_id

GHSA-6fr7-g8h7-v645

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T16:07:19Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645

fixed_packages

url	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4
purl	pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u4

url	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4
purl	pkg:deb/debian/libpng1.6@1.6.48-1%2Bdeb13u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.48-1%252Bdeb13u4

url	pkg:deb/debian/libpng1.6@1.6.57-1
purl	pkg:deb/debian/libpng1.6@1.6.57-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.57-1

url	pkg:deb/debian/libpng1.6@1.6.58-1
purl	pkg:deb/debian/libpng1.6@1.6.58-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.58-1

aliases CVE-2026-34757

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmjn-418h-ebg8

Fixing_vulnerabilities

url VCID-7923-9g38-jqc3

vulnerability_id VCID-7923-9g38-jqc3

summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-65018

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.15265
published_at	2026-04-24T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17492
published_at	2026-04-21T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26497
published_at	2026-04-02T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26541
published_at	2026-04-04T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26322
published_at	2026-04-07T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.2639
published_at	2026-04-08T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26441
published_at	2026-04-09T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26449
published_at	2026-04-11T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26403
published_at	2026-04-12T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26344
published_at	2026-04-13T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26351
published_at	2026-04-16T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26325
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-65018

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216
reference_id	1121216
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216

reference_url

https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d

reference_id

16b5e3823918840aae65c0a6da57c78a5a496a4d

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d

reference_url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_id

218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416907
reference_id	2416907
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416907

reference_url

https://github.com/pnggroup/libpng/issues/755

reference_id

755

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/issues/755

reference_url

https://github.com/pnggroup/libpng/pull/757

reference_id

757

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/pull/757

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g

reference_id

GHSA-7wv6-48j4-hj3g

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g

reference_url	https://security.gentoo.org/glsa/202511-06
reference_id	GLSA-202511-06
reference_type
scores
url	https://security.gentoo.org/glsa/202511-06

reference_url	https://access.redhat.com/errata/RHSA-2026:0125
reference_id	RHSA-2026:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0125

reference_url	https://access.redhat.com/errata/RHSA-2026:0210
reference_id	RHSA-2026:0210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0210

reference_url	https://access.redhat.com/errata/RHSA-2026:0211
reference_id	RHSA-2026:0211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0211

reference_url	https://access.redhat.com/errata/RHSA-2026:0212
reference_id	RHSA-2026:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0212

reference_url	https://access.redhat.com/errata/RHSA-2026:0216
reference_id	RHSA-2026:0216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0216

reference_url	https://access.redhat.com/errata/RHSA-2026:0234
reference_id	RHSA-2026:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0234

reference_url	https://access.redhat.com/errata/RHSA-2026:0237
reference_id	RHSA-2026:0237
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0237

reference_url	https://access.redhat.com/errata/RHSA-2026:0238
reference_id	RHSA-2026:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0238

reference_url	https://access.redhat.com/errata/RHSA-2026:0241
reference_id	RHSA-2026:0241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0241

reference_url	https://access.redhat.com/errata/RHSA-2026:0313
reference_id	RHSA-2026:0313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0313

reference_url	https://access.redhat.com/errata/RHSA-2026:0321
reference_id	RHSA-2026:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0321

reference_url	https://access.redhat.com/errata/RHSA-2026:0322
reference_id	RHSA-2026:0322
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0322

reference_url	https://access.redhat.com/errata/RHSA-2026:0323
reference_id	RHSA-2026:0323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0323

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0847
reference_id	RHSA-2026:0847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0847

reference_url	https://access.redhat.com/errata/RHSA-2026:0848
reference_id	RHSA-2026:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0848

reference_url	https://access.redhat.com/errata/RHSA-2026:0849
reference_id	RHSA-2026:0849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0849

reference_url	https://access.redhat.com/errata/RHSA-2026:0895
reference_id	RHSA-2026:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0895

reference_url	https://access.redhat.com/errata/RHSA-2026:0897
reference_id	RHSA-2026:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0897

reference_url	https://access.redhat.com/errata/RHSA-2026:0899
reference_id	RHSA-2026:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0899

reference_url	https://access.redhat.com/errata/RHSA-2026:0901
reference_id	RHSA-2026:0901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0901

reference_url	https://access.redhat.com/errata/RHSA-2026:0927
reference_id	RHSA-2026:0927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0927

reference_url	https://access.redhat.com/errata/RHSA-2026:0928
reference_id	RHSA-2026:0928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0928

reference_url	https://access.redhat.com/errata/RHSA-2026:0932
reference_id	RHSA-2026:0932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0932

reference_url	https://access.redhat.com/errata/RHSA-2026:0933
reference_id	RHSA-2026:0933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0933

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://usn.ubuntu.com/7924-1/
reference_id	USN-7924-1
reference_type
scores
url	https://usn.ubuntu.com/7924-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2025-65018

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7923-9g38-jqc3

url VCID-7qam-er5a-gbas

vulnerability_id VCID-7qam-er5a-gbas

summary libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22801

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04618
published_at	2026-04-02T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04807
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04625
published_at	2026-04-16T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04633
published_at	2026-04-18T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04773
published_at	2026-04-21T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04642
published_at	2026-04-04T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04654
published_at	2026-04-07T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04688
published_at	2026-04-08T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.047
published_at	2026-04-09T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04692
published_at	2026-04-11T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04674
published_at	2026-04-12T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04658
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444
reference_id	1125444
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428824
reference_id	2428824
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428824

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

reference_id

GHSA-vgjq-8cw5-ggw8

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8

reference_url	https://access.redhat.com/errata/RHSA-2026:3405
reference_id	RHSA-2026:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3405

reference_url	https://access.redhat.com/errata/RHSA-2026:3551
reference_id	RHSA-2026:3551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3551

reference_url	https://access.redhat.com/errata/RHSA-2026:3573
reference_id	RHSA-2026:3573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3573

reference_url	https://access.redhat.com/errata/RHSA-2026:3574
reference_id	RHSA-2026:3574
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3574

reference_url	https://access.redhat.com/errata/RHSA-2026:3575
reference_id	RHSA-2026:3575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3575

reference_url	https://access.redhat.com/errata/RHSA-2026:3576
reference_id	RHSA-2026:3576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3576

reference_url	https://access.redhat.com/errata/RHSA-2026:3577
reference_id	RHSA-2026:3577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3577

reference_url	https://access.redhat.com/errata/RHSA-2026:4306
reference_id	RHSA-2026:4306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4306

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4728
reference_id	RHSA-2026:4728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4728

reference_url	https://access.redhat.com/errata/RHSA-2026:4729
reference_id	RHSA-2026:4729
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4729

reference_url	https://access.redhat.com/errata/RHSA-2026:4730
reference_id	RHSA-2026:4730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4730

reference_url	https://access.redhat.com/errata/RHSA-2026:4731
reference_id	RHSA-2026:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4731

reference_url	https://access.redhat.com/errata/RHSA-2026:4732
reference_id	RHSA-2026:4732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4732

reference_url	https://access.redhat.com/errata/RHSA-2026:5606
reference_id	RHSA-2026:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5606

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:8746
reference_id	RHSA-2026:8746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8746

reference_url	https://access.redhat.com/errata/RHSA-2026:8747
reference_id	RHSA-2026:8747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8747

reference_url	https://access.redhat.com/errata/RHSA-2026:8748
reference_id	RHSA-2026:8748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2026-22801

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7qam-er5a-gbas

url VCID-dm7h-c7wt-1kbs

vulnerability_id VCID-dm7h-c7wt-1kbs

summary libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33416

reference_id

reference_type

scores

value	0.00037
scoring_system	epss
scoring_elements	0.10979
published_at	2026-04-24T12:55:00Z

value	0.00037
scoring_system	epss
scoring_elements	0.11022
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12874
published_at	2026-04-13T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12779
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12775
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.13064
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12864
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12943
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12994
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12954
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12919
published_at	2026-04-12T12:55:00Z

value	0.00051
scoring_system	epss
scoring_elements	0.15898
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33416

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012
reference_id	1132012
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012

reference_url

https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb

reference_id

23019269764e35ed8458e517f1897bd3c54820eb

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451805
reference_id	2451805
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451805

reference_url

https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_id

7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667

reference_url

https://github.com/pnggroup/libpng/pull/824

reference_id

824

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/pull/824

reference_url

https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_id

a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25

reference_url

https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_id

c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

reference_id

GHSA-m4pc-p4q3-4c7j

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

reference_url	https://access.redhat.com/errata/RHSA-2026:8459
reference_id	RHSA-2026:8459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8459

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9345
reference_id	RHSA-2026:9345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9345

reference_url	https://access.redhat.com/errata/RHSA-2026:9638
reference_id	RHSA-2026:9638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9638

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2026-33416

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs

url VCID-gk2b-sstt-2fgh

vulnerability_id VCID-gk2b-sstt-2fgh

summary libpng: memory leak of png_info struct in pngcp.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6129.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-6129

reference_id

reference_type

scores

value	0.00284
scoring_system	epss
scoring_elements	0.51731
published_at	2026-04-01T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51814
published_at	2026-04-24T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51883
published_at	2026-04-18T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51866
published_at	2026-04-21T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51781
published_at	2026-04-02T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51806
published_at	2026-04-04T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51767
published_at	2026-04-07T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51822
published_at	2026-04-08T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51819
published_at	2026-04-09T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.5187
published_at	2026-04-11T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.5185
published_at	2026-04-12T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51835
published_at	2026-04-13T12:55:00Z

value	0.00284
scoring_system	epss
scoring_elements	0.51877
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-6129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6129

reference_url	https://github.com/glennrp/libpng/issues/269
reference_id
reference_type
scores
url	https://github.com/glennrp/libpng/issues/269

reference_url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1667127
reference_id	1667127
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1667127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.36:::::::*
reference_id	cpe:2.3:a:libpng:libpng:1.6.36:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:1.6.36:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-6129

reference_id

CVE-2019-6129

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-6129

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2019-6129

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gk2b-sstt-2fgh

url VCID-j7dk-wzkm-tfcr

vulnerability_id VCID-j7dk-wzkm-tfcr

summary libpng: LIBPNG out-of-bounds read in png_image_read_composite

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66293

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.24185
published_at	2026-04-02T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30216
published_at	2026-04-24T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30323
published_at	2026-04-07T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30382
published_at	2026-04-08T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30416
published_at	2026-04-09T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30418
published_at	2026-04-11T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30374
published_at	2026-04-12T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30326
published_at	2026-04-13T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30342
published_at	2026-04-16T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30324
published_at	2026-04-18T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30279
published_at	2026-04-21T12:55:00Z

value	0.00116
scoring_system	epss
scoring_elements	0.30511
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66293

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877
reference_id	1121877
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2418711
reference_id	2418711
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2418711

reference_url

https://github.com/pnggroup/libpng/issues/764

reference_id

764

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/issues/764

reference_url

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

reference_id

788a624d7387a758ffd5c7ab010f1870dea753a1

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

reference_url

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_id

a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

reference_id

GHSA-9mpm-9pxh-mg4f

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

reference_url	https://access.redhat.com/errata/RHSA-2026:0125
reference_id	RHSA-2026:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0125

reference_url	https://access.redhat.com/errata/RHSA-2026:0210
reference_id	RHSA-2026:0210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0210

reference_url	https://access.redhat.com/errata/RHSA-2026:0211
reference_id	RHSA-2026:0211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0211

reference_url	https://access.redhat.com/errata/RHSA-2026:0212
reference_id	RHSA-2026:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0212

reference_url	https://access.redhat.com/errata/RHSA-2026:0216
reference_id	RHSA-2026:0216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0216

reference_url	https://access.redhat.com/errata/RHSA-2026:0234
reference_id	RHSA-2026:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0234

reference_url	https://access.redhat.com/errata/RHSA-2026:0237
reference_id	RHSA-2026:0237
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0237

reference_url	https://access.redhat.com/errata/RHSA-2026:0238
reference_id	RHSA-2026:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0238

reference_url	https://access.redhat.com/errata/RHSA-2026:0241
reference_id	RHSA-2026:0241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0241

reference_url	https://access.redhat.com/errata/RHSA-2026:0313
reference_id	RHSA-2026:0313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0313

reference_url	https://access.redhat.com/errata/RHSA-2026:0321
reference_id	RHSA-2026:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0321

reference_url	https://access.redhat.com/errata/RHSA-2026:0322
reference_id	RHSA-2026:0322
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0322

reference_url	https://access.redhat.com/errata/RHSA-2026:0323
reference_id	RHSA-2026:0323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0323

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:2072
reference_id	RHSA-2026:2072
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2072

reference_url	https://access.redhat.com/errata/RHSA-2026:2633
reference_id	RHSA-2026:2633
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2633

reference_url	https://access.redhat.com/errata/RHSA-2026:2659
reference_id	RHSA-2026:2659
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2659

reference_url	https://access.redhat.com/errata/RHSA-2026:2671
reference_id	RHSA-2026:2671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2671

reference_url	https://access.redhat.com/errata/RHSA-2026:2974
reference_id	RHSA-2026:2974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2974

reference_url	https://access.redhat.com/errata/RHSA-2026:3415
reference_id	RHSA-2026:3415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3415

reference_url	https://access.redhat.com/errata/RHSA-2026:3861
reference_id	RHSA-2026:3861
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3861

reference_url	https://access.redhat.com/errata/RHSA-2026:4419
reference_id	RHSA-2026:4419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4419

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2025-66293

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7dk-wzkm-tfcr

url VCID-kwag-k17x-kyaj

vulnerability_id VCID-kwag-k17x-kyaj

summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64505

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01541
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01698
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07201
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07304
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.073
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07286
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07276
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07207
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07202
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07245
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07223
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219
reference_id	1121219
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416905
reference_id	2416905
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416905

reference_url

https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37

reference_id

6a528eb5fd0dd7f6de1c39d30de0e41473431c37

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/

url

https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37

reference_url

https://github.com/pnggroup/libpng/pull/748

reference_id

748

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/

url

https://github.com/pnggroup/libpng/pull/748

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42

reference_id

GHSA-4952-h5wq-4m42

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42

reference_url	https://security.gentoo.org/glsa/202511-06
reference_id	GLSA-202511-06
reference_type
scores
url	https://security.gentoo.org/glsa/202511-06

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://usn.ubuntu.com/7924-1/
reference_id	USN-7924-1
reference_type
scores
url	https://usn.ubuntu.com/7924-1/

reference_url	https://usn.ubuntu.com/8081-1/
reference_id	USN-8081-1
reference_type
scores
url	https://usn.ubuntu.com/8081-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2025-64505

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwag-k17x-kyaj

url VCID-n4kj-urjq-2uav

vulnerability_id VCID-n4kj-urjq-2uav

summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64720

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.16669
published_at	2026-04-24T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17858
published_at	2026-04-21T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27983
published_at	2026-04-02T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.28025
published_at	2026-04-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27816
published_at	2026-04-07T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27883
published_at	2026-04-12T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27924
published_at	2026-04-09T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27925
published_at	2026-04-11T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27824
published_at	2026-04-13T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27831
published_at	2026-04-16T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27809
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64720

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643

reference_id

08da33b4c88cfcd36e5a706558a8d7e0e4773643

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/

url

https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217
reference_id	1121217
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416904
reference_id	2416904
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416904

reference_url

https://github.com/pnggroup/libpng/issues/686

reference_id

686

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/

url

https://github.com/pnggroup/libpng/issues/686

reference_url

https://github.com/pnggroup/libpng/pull/751

reference_id

751

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/

url

https://github.com/pnggroup/libpng/pull/751

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

reference_id

GHSA-hfc7-ph9c-wcww

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

reference_url	https://security.gentoo.org/glsa/202511-06
reference_id	GLSA-202511-06
reference_type
scores
url	https://security.gentoo.org/glsa/202511-06

reference_url	https://access.redhat.com/errata/RHSA-2026:0125
reference_id	RHSA-2026:0125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0125

reference_url	https://access.redhat.com/errata/RHSA-2026:0210
reference_id	RHSA-2026:0210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0210

reference_url	https://access.redhat.com/errata/RHSA-2026:0211
reference_id	RHSA-2026:0211
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0211

reference_url	https://access.redhat.com/errata/RHSA-2026:0212
reference_id	RHSA-2026:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0212

reference_url	https://access.redhat.com/errata/RHSA-2026:0216
reference_id	RHSA-2026:0216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0216

reference_url	https://access.redhat.com/errata/RHSA-2026:0234
reference_id	RHSA-2026:0234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0234

reference_url	https://access.redhat.com/errata/RHSA-2026:0237
reference_id	RHSA-2026:0237
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0237

reference_url	https://access.redhat.com/errata/RHSA-2026:0238
reference_id	RHSA-2026:0238
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0238

reference_url	https://access.redhat.com/errata/RHSA-2026:0241
reference_id	RHSA-2026:0241
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0241

reference_url	https://access.redhat.com/errata/RHSA-2026:0251
reference_id	RHSA-2026:0251
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0251

reference_url	https://access.redhat.com/errata/RHSA-2026:0313
reference_id	RHSA-2026:0313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0313

reference_url	https://access.redhat.com/errata/RHSA-2026:0321
reference_id	RHSA-2026:0321
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0321

reference_url	https://access.redhat.com/errata/RHSA-2026:0322
reference_id	RHSA-2026:0322
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0322

reference_url	https://access.redhat.com/errata/RHSA-2026:0323
reference_id	RHSA-2026:0323
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0323

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0847
reference_id	RHSA-2026:0847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0847

reference_url	https://access.redhat.com/errata/RHSA-2026:0848
reference_id	RHSA-2026:0848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0848

reference_url	https://access.redhat.com/errata/RHSA-2026:0849
reference_id	RHSA-2026:0849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0849

reference_url	https://access.redhat.com/errata/RHSA-2026:0895
reference_id	RHSA-2026:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0895

reference_url	https://access.redhat.com/errata/RHSA-2026:0897
reference_id	RHSA-2026:0897
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0897

reference_url	https://access.redhat.com/errata/RHSA-2026:0899
reference_id	RHSA-2026:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0899

reference_url	https://access.redhat.com/errata/RHSA-2026:0901
reference_id	RHSA-2026:0901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0901

reference_url	https://access.redhat.com/errata/RHSA-2026:0927
reference_id	RHSA-2026:0927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0927

reference_url	https://access.redhat.com/errata/RHSA-2026:0928
reference_id	RHSA-2026:0928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0928

reference_url	https://access.redhat.com/errata/RHSA-2026:0932
reference_id	RHSA-2026:0932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0932

reference_url	https://access.redhat.com/errata/RHSA-2026:0933
reference_id	RHSA-2026:0933
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0933

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://usn.ubuntu.com/7924-1/
reference_id	USN-7924-1
reference_type
scores
url	https://usn.ubuntu.com/7924-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2025-64720

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kj-urjq-2uav

url VCID-p6b5-1ba6-b3f8

vulnerability_id VCID-p6b5-1ba6-b3f8

summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64506

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.04344
published_at	2026-04-24T12:55:00Z

value	0.00018
scoring_system	epss
scoring_elements	0.04685
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07201
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07304
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.073
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07286
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07276
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07207
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07202
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07245
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07223
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218
reference_id	1121218
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2416906
reference_id	2416906
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2416906

reference_url

https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821

reference_id

2bd84c019c300b78e811743fbcddb67c9d9bf821

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/

url

https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821

reference_url

https://github.com/pnggroup/libpng/pull/749

reference_id

749

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/

url

https://github.com/pnggroup/libpng/pull/749

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6

reference_id

GHSA-qpr4-xm66-hww6

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6

reference_url	https://security.gentoo.org/glsa/202511-06
reference_id	GLSA-202511-06
reference_type
scores
url	https://security.gentoo.org/glsa/202511-06

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://usn.ubuntu.com/7924-1/
reference_id	USN-7924-1
reference_type
scores
url	https://usn.ubuntu.com/7924-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2025-64506

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6b5-1ba6-b3f8

url VCID-ptgq-884e-mkft

vulnerability_id VCID-ptgq-884e-mkft

summary libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33636

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09433
published_at	2026-04-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09521
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09508
published_at	2026-04-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09555
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09569
published_at	2026-04-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0954
published_at	2026-04-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09524
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09418
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0942
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10217
published_at	2026-04-02T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15153
published_at	2026-04-21T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15193
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013
reference_id	1132013
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451819
reference_id	2451819
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451819

reference_url

https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_id

7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869

reference_url

https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_id

aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

reference_id

GHSA-wjr5-c57x-95m2

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:7671
reference_id	RHSA-2026:7671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7671

reference_url	https://access.redhat.com/errata/RHSA-2026:7672
reference_id	RHSA-2026:7672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7672

reference_url	https://access.redhat.com/errata/RHSA-2026:8052
reference_id	RHSA-2026:8052
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8052

reference_url	https://access.redhat.com/errata/RHSA-2026:8459
reference_id	RHSA-2026:8459
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8459

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://access.redhat.com/errata/RHSA-2026:9345
reference_id	RHSA-2026:9345
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9345

reference_url	https://access.redhat.com/errata/RHSA-2026:9638
reference_id	RHSA-2026:9638
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9638

reference_url	https://access.redhat.com/errata/RHSA-2026:9693
reference_id	RHSA-2026:9693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9693

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2026-33636

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft

url VCID-rm7f-ybuf-dyfq

vulnerability_id VCID-rm7f-ybuf-dyfq

summary libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-22695

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.08627
published_at	2026-04-02T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08702
published_at	2026-04-24T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08678
published_at	2026-04-04T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08597
published_at	2026-04-07T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08671
published_at	2026-04-08T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08696
published_at	2026-04-11T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08673
published_at	2026-04-12T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.0866
published_at	2026-04-13T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08548
published_at	2026-04-16T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08535
published_at	2026-04-18T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.08689
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-22695

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443
reference_id	1125443
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443

reference_url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_id

218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428825
reference_id	2428825
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428825

reference_url

https://github.com/pnggroup/libpng/issues/778

reference_id

778

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/issues/778

reference_url

https://github.com/pnggroup/libpng/commit/e4f7ad4ea2

reference_id

e4f7ad4ea2

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/commit/e4f7ad4ea2

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

reference_id

GHSA-mmq5-27w3-rxpp

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp

reference_url	https://access.redhat.com/errata/RHSA-2026:3405
reference_id	RHSA-2026:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3405

reference_url	https://access.redhat.com/errata/RHSA-2026:3551
reference_id	RHSA-2026:3551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3551

reference_url	https://access.redhat.com/errata/RHSA-2026:3573
reference_id	RHSA-2026:3573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3573

reference_url	https://access.redhat.com/errata/RHSA-2026:3574
reference_id	RHSA-2026:3574
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3574

reference_url	https://access.redhat.com/errata/RHSA-2026:3575
reference_id	RHSA-2026:3575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3575

reference_url	https://access.redhat.com/errata/RHSA-2026:3576
reference_id	RHSA-2026:3576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3576

reference_url	https://access.redhat.com/errata/RHSA-2026:3577
reference_id	RHSA-2026:3577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3577

reference_url	https://access.redhat.com/errata/RHSA-2026:4306
reference_id	RHSA-2026:4306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4306

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4728
reference_id	RHSA-2026:4728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4728

reference_url	https://access.redhat.com/errata/RHSA-2026:4729
reference_id	RHSA-2026:4729
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4729

reference_url	https://access.redhat.com/errata/RHSA-2026:4730
reference_id	RHSA-2026:4730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4730

reference_url	https://access.redhat.com/errata/RHSA-2026:4731
reference_id	RHSA-2026:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4731

reference_url	https://access.redhat.com/errata/RHSA-2026:4732
reference_id	RHSA-2026:4732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4732

reference_url	https://access.redhat.com/errata/RHSA-2026:5606
reference_id	RHSA-2026:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5606

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:8746
reference_id	RHSA-2026:8746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8746

reference_url	https://access.redhat.com/errata/RHSA-2026:8747
reference_id	RHSA-2026:8747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8747

reference_url	https://access.redhat.com/errata/RHSA-2026:8748
reference_id	RHSA-2026:8748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://usn.ubuntu.com/7963-1/
reference_id	USN-7963-1
reference_type
scores
url	https://usn.ubuntu.com/7963-1/

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2026-22695

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7f-ybuf-dyfq

url VCID-xyhj-84d1-dqh3

vulnerability_id VCID-xyhj-84d1-dqh3

summary libpng: LIBPNG has a heap buffer overflow in png_set_quantize

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25646

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.23049
published_at	2026-04-08T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23103
published_at	2026-04-09T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23122
published_at	2026-04-11T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23085
published_at	2026-04-12T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23029
published_at	2026-04-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23042
published_at	2026-04-16T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23035
published_at	2026-04-18T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.2376
published_at	2026-04-21T12:55:00Z

value	0.00081
scoring_system	epss
scoring_elements	0.23645
published_at	2026-04-24T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26176
published_at	2026-04-04T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26135
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25646

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88

reference_id

01d03b8453eb30ade759cd45c707e5a1c7277d88

reference_type

scores

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/

url

https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566
reference_id	1127566
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2438542
reference_id	2438542
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2438542

reference_url

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3

reference_id

GHSA-g8hp-mq4h-rqm3

reference_type

scores

value	8.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/

url

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3

reference_url	https://access.redhat.com/errata/RHSA-2026:3031
reference_id	RHSA-2026:3031
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3031

reference_url	https://access.redhat.com/errata/RHSA-2026:3405
reference_id	RHSA-2026:3405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3405

reference_url	https://access.redhat.com/errata/RHSA-2026:3551
reference_id	RHSA-2026:3551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3551

reference_url	https://access.redhat.com/errata/RHSA-2026:3573
reference_id	RHSA-2026:3573
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3573

reference_url	https://access.redhat.com/errata/RHSA-2026:3574
reference_id	RHSA-2026:3574
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3574

reference_url	https://access.redhat.com/errata/RHSA-2026:3575
reference_id	RHSA-2026:3575
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3575

reference_url	https://access.redhat.com/errata/RHSA-2026:3576
reference_id	RHSA-2026:3576
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3576

reference_url	https://access.redhat.com/errata/RHSA-2026:3577
reference_id	RHSA-2026:3577
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3577

reference_url	https://access.redhat.com/errata/RHSA-2026:3968
reference_id	RHSA-2026:3968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3968

reference_url	https://access.redhat.com/errata/RHSA-2026:3969
reference_id	RHSA-2026:3969
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3969

reference_url	https://access.redhat.com/errata/RHSA-2026:4221
reference_id	RHSA-2026:4221
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4221

reference_url	https://access.redhat.com/errata/RHSA-2026:4222
reference_id	RHSA-2026:4222
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4222

reference_url	https://access.redhat.com/errata/RHSA-2026:4306
reference_id	RHSA-2026:4306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4306

reference_url	https://access.redhat.com/errata/RHSA-2026:4501
reference_id	RHSA-2026:4501
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4501

reference_url	https://access.redhat.com/errata/RHSA-2026:4728
reference_id	RHSA-2026:4728
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4728

reference_url	https://access.redhat.com/errata/RHSA-2026:4729
reference_id	RHSA-2026:4729
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4729

reference_url	https://access.redhat.com/errata/RHSA-2026:4730
reference_id	RHSA-2026:4730
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4730

reference_url	https://access.redhat.com/errata/RHSA-2026:4731
reference_id	RHSA-2026:4731
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4731

reference_url	https://access.redhat.com/errata/RHSA-2026:4732
reference_id	RHSA-2026:4732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4732

reference_url	https://access.redhat.com/errata/RHSA-2026:4756
reference_id	RHSA-2026:4756
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4756

reference_url	https://access.redhat.com/errata/RHSA-2026:5606
reference_id	RHSA-2026:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5606

reference_url	https://access.redhat.com/errata/RHSA-2026:6439
reference_id	RHSA-2026:6439
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6439

reference_url	https://access.redhat.com/errata/RHSA-2026:6445
reference_id	RHSA-2026:6445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6445

reference_url	https://access.redhat.com/errata/RHSA-2026:6466
reference_id	RHSA-2026:6466
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6466

reference_url	https://access.redhat.com/errata/RHSA-2026:6467
reference_id	RHSA-2026:6467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6467

reference_url	https://access.redhat.com/errata/RHSA-2026:6468
reference_id	RHSA-2026:6468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6468

reference_url	https://access.redhat.com/errata/RHSA-2026:6469
reference_id	RHSA-2026:6469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6469

reference_url	https://access.redhat.com/errata/RHSA-2026:6553
reference_id	RHSA-2026:6553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6553

reference_url	https://access.redhat.com/errata/RHSA-2026:6732
reference_id	RHSA-2026:6732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6732

reference_url	https://access.redhat.com/errata/RHSA-2026:7032
reference_id	RHSA-2026:7032
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7032

reference_url	https://access.redhat.com/errata/RHSA-2026:7033
reference_id	RHSA-2026:7033
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7033

reference_url	https://access.redhat.com/errata/RHSA-2026:7034
reference_id	RHSA-2026:7034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7034

reference_url	https://access.redhat.com/errata/RHSA-2026:7035
reference_id	RHSA-2026:7035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7035

reference_url	https://access.redhat.com/errata/RHSA-2026:7036
reference_id	RHSA-2026:7036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7036

reference_url	https://access.redhat.com/errata/RHSA-2026:7239
reference_id	RHSA-2026:7239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7239

reference_url	https://access.redhat.com/errata/RHSA-2026:7243
reference_id	RHSA-2026:7243
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7243

reference_url	https://access.redhat.com/errata/RHSA-2026:8746
reference_id	RHSA-2026:8746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8746

reference_url	https://access.redhat.com/errata/RHSA-2026:8747
reference_id	RHSA-2026:8747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8747

reference_url	https://access.redhat.com/errata/RHSA-2026:8748
reference_id	RHSA-2026:8748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://access.redhat.com/errata/RHSA-2026:9254
reference_id	RHSA-2026:9254
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9254

reference_url	https://access.redhat.com/errata/RHSA-2026:9255
reference_id	RHSA-2026:9255
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:9255

reference_url	https://usn.ubuntu.com/8035-1/
reference_id	USN-8035-1
reference_type
scores
url	https://usn.ubuntu.com/8035-1/

reference_url	https://usn.ubuntu.com/8039-1/
reference_id	USN-8039-1
reference_type
scores
url	https://usn.ubuntu.com/8039-1/

reference_url	https://usn.ubuntu.com/8081-1/
reference_id	USN-8081-1
reference_type
scores
url	https://usn.ubuntu.com/8081-1/

fixed_packages

url pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

purl pkg:deb/debian/libpng1.6@1.6.39-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uxj6-4181-rygt

vulnerability	VCID-uxqz-nx2v-6yc5

vulnerability	VCID-zmjn-418h-ebg8

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

aliases CVE-2026-25646

risk_score 3.8

exploitability 0.5

weighted_severity 7.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xyhj-84d1-dqh3

Risk_score 2.8

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpng1.6@1.6.39-2%252Bdeb12u1

Package Instance