VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-j7dk-wzkm-tfcr

Essentials
Severities (24)
References (37)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-j7dk-wzkm-tfcr
Aliases	CVE-2025-66293
Summary	libpng: LIBPNG out-of-bounds read in png_image_read_composite
Status	Published
Exploitability	0.5
Weighted Severity	6.4
Risk	3.2
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-125

Out-of-bounds Read

System	Score	Found at
cvssv3	7.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json
epss	0.00082	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
epss	0.00116	https://api.first.org/data/v1/epss?cve=CVE-2025-66293
cvssv3.1	7.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.1	https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1
ssvc	Track	https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1
cvssv3.1	7.1	https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a
ssvc	Track	https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a
cvssv3.1	7.1	https://github.com/pnggroup/libpng/issues/764
ssvc	Track	https://github.com/pnggroup/libpng/issues/764
cvssv3.1	7.1	https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f
ssvc	Track	https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-66293
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1121877		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877
2418711		https://bugzilla.redhat.com/show_bug.cgi?id=2418711
764		https://github.com/pnggroup/libpng/issues/764
788a624d7387a758ffd5c7ab010f1870dea753a1		https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1
a05a48b756de63e3234ea6b3b938b8f5f862484a		https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a
GHSA-9mpm-9pxh-mg4f		https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f
RHSA-2026:0125		https://access.redhat.com/errata/RHSA-2026:0125
RHSA-2026:0210		https://access.redhat.com/errata/RHSA-2026:0210
RHSA-2026:0211		https://access.redhat.com/errata/RHSA-2026:0211
RHSA-2026:0212		https://access.redhat.com/errata/RHSA-2026:0212
RHSA-2026:0216		https://access.redhat.com/errata/RHSA-2026:0216
RHSA-2026:0234		https://access.redhat.com/errata/RHSA-2026:0234
RHSA-2026:0237		https://access.redhat.com/errata/RHSA-2026:0237
RHSA-2026:0238		https://access.redhat.com/errata/RHSA-2026:0238
RHSA-2026:0241		https://access.redhat.com/errata/RHSA-2026:0241
RHSA-2026:0313		https://access.redhat.com/errata/RHSA-2026:0313
RHSA-2026:0321		https://access.redhat.com/errata/RHSA-2026:0321
RHSA-2026:0322		https://access.redhat.com/errata/RHSA-2026:0322
RHSA-2026:0323		https://access.redhat.com/errata/RHSA-2026:0323
RHSA-2026:0414		https://access.redhat.com/errata/RHSA-2026:0414
RHSA-2026:2072		https://access.redhat.com/errata/RHSA-2026:2072
RHSA-2026:2633		https://access.redhat.com/errata/RHSA-2026:2633
RHSA-2026:2659		https://access.redhat.com/errata/RHSA-2026:2659
RHSA-2026:2671		https://access.redhat.com/errata/RHSA-2026:2671
RHSA-2026:2974		https://access.redhat.com/errata/RHSA-2026:2974
RHSA-2026:3415		https://access.redhat.com/errata/RHSA-2026:3415
RHSA-2026:3861		https://access.redhat.com/errata/RHSA-2026:3861
RHSA-2026:4419		https://access.redhat.com/errata/RHSA-2026:4419
RHSA-2026:6732		https://access.redhat.com/errata/RHSA-2026:6732
RHSA-2026:9254		https://access.redhat.com/errata/RHSA-2026:9254
RHSA-2026:9255		https://access.redhat.com/errata/RHSA-2026:9255
USN-7963-1		https://usn.ubuntu.com/7963-1/
USN-8035-1		https://usn.ubuntu.com/8035-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/ Found at https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/ Found at https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/pnggroup/libpng/issues/764

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/ Found at https://github.com/pnggroup/libpng/issues/764

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/ Found at https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

Exploit Prediction Scoring System (EPSS)

Percentile	0.24185
EPSS Score	0.00082
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:34:19.180856+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json	38.0.0