Vulnerability details: VCID-7923-9g38-jqc3
Vulnerability ID VCID-7923-9g38-jqc3
Aliases CVE-2025-65018
Summary Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 6.4
Risk 3.2
Weaknesses (2)
System Score Found at
cvssv3 7.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json
epss 0.00049 https://api.first.org/data/v1/epss?cve=CVE-2025-65018
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2025-65018
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2025-65018
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.1 https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d
ssvc Track* https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d
cvssv3.1 7.1 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
ssvc Track* https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
cvssv3.1 7.1 https://github.com/pnggroup/libpng/issues/755
ssvc Track* https://github.com/pnggroup/libpng/issues/755
cvssv3.1 7.1 https://github.com/pnggroup/libpng/pull/757
ssvc Track* https://github.com/pnggroup/libpng/pull/757
cvssv3.1 7.1 https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g
ssvc Track* https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json
https://api.first.org/data/v1/epss?cve=CVE-2025-65018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1121216 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216
16b5e3823918840aae65c0a6da57c78a5a496a4d https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d
218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
2416907 https://bugzilla.redhat.com/show_bug.cgi?id=2416907
755 https://github.com/pnggroup/libpng/issues/755
757 https://github.com/pnggroup/libpng/pull/757
GHSA-7wv6-48j4-hj3g https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g
GLSA-202511-06 https://security.gentoo.org/glsa/202511-06
RHSA-2026:0125 https://access.redhat.com/errata/RHSA-2026:0125
RHSA-2026:0210 https://access.redhat.com/errata/RHSA-2026:0210
RHSA-2026:0211 https://access.redhat.com/errata/RHSA-2026:0211
RHSA-2026:0212 https://access.redhat.com/errata/RHSA-2026:0212
RHSA-2026:0216 https://access.redhat.com/errata/RHSA-2026:0216
RHSA-2026:0234 https://access.redhat.com/errata/RHSA-2026:0234
RHSA-2026:0237 https://access.redhat.com/errata/RHSA-2026:0237
RHSA-2026:0238 https://access.redhat.com/errata/RHSA-2026:0238
RHSA-2026:0241 https://access.redhat.com/errata/RHSA-2026:0241
RHSA-2026:0313 https://access.redhat.com/errata/RHSA-2026:0313
RHSA-2026:0321 https://access.redhat.com/errata/RHSA-2026:0321
RHSA-2026:0322 https://access.redhat.com/errata/RHSA-2026:0322
RHSA-2026:0323 https://access.redhat.com/errata/RHSA-2026:0323
RHSA-2026:0414 https://access.redhat.com/errata/RHSA-2026:0414
RHSA-2026:0847 https://access.redhat.com/errata/RHSA-2026:0847
RHSA-2026:0848 https://access.redhat.com/errata/RHSA-2026:0848
RHSA-2026:0849 https://access.redhat.com/errata/RHSA-2026:0849
RHSA-2026:0895 https://access.redhat.com/errata/RHSA-2026:0895
RHSA-2026:0897 https://access.redhat.com/errata/RHSA-2026:0897
RHSA-2026:0899 https://access.redhat.com/errata/RHSA-2026:0899
RHSA-2026:0901 https://access.redhat.com/errata/RHSA-2026:0901
RHSA-2026:0927 https://access.redhat.com/errata/RHSA-2026:0927
RHSA-2026:0928 https://access.redhat.com/errata/RHSA-2026:0928
RHSA-2026:0932 https://access.redhat.com/errata/RHSA-2026:0932
RHSA-2026:0933 https://access.redhat.com/errata/RHSA-2026:0933
RHSA-2026:6732 https://access.redhat.com/errata/RHSA-2026:6732
USN-7924-1 https://usn.ubuntu.com/7924-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Found at https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/ Found at https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Found at https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/ Found at https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Found at https://github.com/pnggroup/libpng/issues/755
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/ Found at https://github.com/pnggroup/libpng/issues/755
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Found at https://github.com/pnggroup/libpng/pull/757
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/ Found at https://github.com/pnggroup/libpng/pull/757
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Found at https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g
Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/ Found at https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g
Exploit Prediction Scoring System (EPSS)
Percentile 0.15265
EPSS Score 0.00049
Published At April 24, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:00.174228+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202511-06 38.0.0