VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-g9jj-qcjq-h3d4

Essentials
Severities (11)
References (39)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-g9jj-qcjq-h3d4
Aliases	CVE-2025-64720
Summary	libpng: LIBPNG buffer overflow
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
cvssv3	7.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json
epss	0.00079	https://api.first.org/data/v1/epss?cve=CVE-2025-64720
cvssv3.1	6.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.1	https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643
ssvc	Track	https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643
cvssv3.1	7.1	https://github.com/pnggroup/libpng/issues/686
ssvc	Track	https://github.com/pnggroup/libpng/issues/686
cvssv3.1	7.1	https://github.com/pnggroup/libpng/pull/751
ssvc	Track	https://github.com/pnggroup/libpng/pull/751
cvssv3.1	7.1	https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww
ssvc	Track	https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-64720
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
08da33b4c88cfcd36e5a706558a8d7e0e4773643		https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643
1121217		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217
2416904		https://bugzilla.redhat.com/show_bug.cgi?id=2416904
686		https://github.com/pnggroup/libpng/issues/686
751		https://github.com/pnggroup/libpng/pull/751
GHSA-hfc7-ph9c-wcww		https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww
GLSA-202511-06		https://security.gentoo.org/glsa/202511-06
RHSA-2026:0125		https://access.redhat.com/errata/RHSA-2026:0125
RHSA-2026:0210		https://access.redhat.com/errata/RHSA-2026:0210
RHSA-2026:0211		https://access.redhat.com/errata/RHSA-2026:0211
RHSA-2026:0212		https://access.redhat.com/errata/RHSA-2026:0212
RHSA-2026:0216		https://access.redhat.com/errata/RHSA-2026:0216
RHSA-2026:0234		https://access.redhat.com/errata/RHSA-2026:0234
RHSA-2026:0237		https://access.redhat.com/errata/RHSA-2026:0237
RHSA-2026:0238		https://access.redhat.com/errata/RHSA-2026:0238
RHSA-2026:0241		https://access.redhat.com/errata/RHSA-2026:0241
RHSA-2026:0251		https://access.redhat.com/errata/RHSA-2026:0251
RHSA-2026:0313		https://access.redhat.com/errata/RHSA-2026:0313
RHSA-2026:0321		https://access.redhat.com/errata/RHSA-2026:0321
RHSA-2026:0322		https://access.redhat.com/errata/RHSA-2026:0322
RHSA-2026:0323		https://access.redhat.com/errata/RHSA-2026:0323
RHSA-2026:0414		https://access.redhat.com/errata/RHSA-2026:0414
RHSA-2026:0847		https://access.redhat.com/errata/RHSA-2026:0847
RHSA-2026:0848		https://access.redhat.com/errata/RHSA-2026:0848
RHSA-2026:0849		https://access.redhat.com/errata/RHSA-2026:0849
RHSA-2026:0895		https://access.redhat.com/errata/RHSA-2026:0895
RHSA-2026:0897		https://access.redhat.com/errata/RHSA-2026:0897
RHSA-2026:0899		https://access.redhat.com/errata/RHSA-2026:0899
RHSA-2026:0901		https://access.redhat.com/errata/RHSA-2026:0901
RHSA-2026:0927		https://access.redhat.com/errata/RHSA-2026:0927
RHSA-2026:0928		https://access.redhat.com/errata/RHSA-2026:0928
RHSA-2026:0932		https://access.redhat.com/errata/RHSA-2026:0932
RHSA-2026:0933		https://access.redhat.com/errata/RHSA-2026:0933
RHSA-2026:6732		https://access.redhat.com/errata/RHSA-2026:6732
USN-7924-1		https://usn.ubuntu.com/7924-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/ Found at https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/pnggroup/libpng/issues/686

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/ Found at https://github.com/pnggroup/libpng/issues/686

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/pnggroup/libpng/pull/751

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/ Found at https://github.com/pnggroup/libpng/pull/751

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/ Found at https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

Exploit Prediction Scoring System (EPSS)

Percentile	0.23545
EPSS Score	0.00079
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:47:28.638561+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json	38.6.0