{"url":"http://public2.vulnerablecode.io/api/packages/1073000?format=json","purl":"pkg:rpm/redhat/libpng-main@1.6.56-1?arch=hum1","type":"rpm","namespace":"redhat","name":"libpng-main","version":"1.6.56-1","qualifiers":{"arch":"hum1"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42454?format=json","vulnerability_id":"VCID-7923-9g38-jqc3","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65018.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65018","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15207","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15265","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15263","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26497","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26541","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2639","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26441","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26449","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26344","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26351","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26325","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216","reference_id":"1121216","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121216"},{"reference_url":"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d","reference_id":"16b5e3823918840aae65c0a6da57c78a5a496a4d","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"},{"reference_url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_id":"218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416907","reference_id":"2416907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416907"},{"reference_url":"https://github.com/pnggroup/libpng/issues/755","reference_id":"755","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/issues/755"},{"reference_url":"https://github.com/pnggroup/libpng/pull/757","reference_id":"757","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/pull/757"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g","reference_id":"GHSA-7wv6-48j4-hj3g","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-11-25T19:29:28Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[],"aliases":["CVE-2025-65018"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7923-9g38-jqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65169?format=json","vulnerability_id":"VCID-7qam-er5a-gbas","summary":"libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22801","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04618","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04773","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04807","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04845","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04642","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04688","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.047","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04674","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04658","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04625","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04633","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444","reference_id":"1125444","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125444"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428824","reference_id":"2428824","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428824"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8","reference_id":"GHSA-vgjq-8cw5-ggw8","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T19:37:38Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[],"aliases":["CVE-2026-22801"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7qam-er5a-gbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63979?format=json","vulnerability_id":"VCID-dm7h-c7wt-1kbs","summary":"libpng: libpng: Arbitrary code execution due to use-after-free vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33416","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11022","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10934","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10979","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12063","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12864","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13064","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12775","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12874","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12919","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12954","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12943","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15898","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012","reference_id":"1132012","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132012"},{"reference_url":"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb","reference_id":"23019269764e35ed8458e517f1897bd3c54820eb","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805","reference_id":"2451805","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805"},{"reference_url":"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667","reference_id":"7ea9eea884a2328cc7fdcb3c0c00246a50d90667","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"},{"reference_url":"https://github.com/pnggroup/libpng/pull/824","reference_id":"824","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/pull/824"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25","reference_id":"a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"},{"reference_url":"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1","reference_id":"c1b0318b393c90679e6fa5bc1d329fd5d5012ec1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j","reference_id":"GHSA-m4pc-p4q3-4c7j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-26T19:49:05Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"}],"fixed_packages":[],"aliases":["CVE-2026-33416"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dm7h-c7wt-1kbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66390?format=json","vulnerability_id":"VCID-j7dk-wzkm-tfcr","summary":"libpng: LIBPNG out-of-bounds read in png_image_read_composite","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66293","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24185","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30023","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30416","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30418","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30374","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30342","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30324","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30279","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30216","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30101","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30511","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30323","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.30382","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877","reference_id":"1121877","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121877"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711","reference_id":"2418711","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418711"},{"reference_url":"https://github.com/pnggroup/libpng/issues/764","reference_id":"764","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/issues/764"},{"reference_url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1","reference_id":"788a624d7387a758ffd5c7ab010f1870dea753a1","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"},{"reference_url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_id":"a05a48b756de63e3234ea6b3b938b8f5f862484a","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f","reference_id":"GHSA-9mpm-9pxh-mg4f","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T20:52:13Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2072","reference_id":"RHSA-2026:2072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2633","reference_id":"RHSA-2026:2633","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2633"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2659","reference_id":"RHSA-2026:2659","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2659"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2671","reference_id":"RHSA-2026:2671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2974","reference_id":"RHSA-2026:2974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3415","reference_id":"RHSA-2026:3415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3861","reference_id":"RHSA-2026:3861","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4419","reference_id":"RHSA-2026:4419","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4419"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[],"aliases":["CVE-2025-66293"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7dk-wzkm-tfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42451?format=json","vulnerability_id":"VCID-kwag-k17x-kyaj","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64505.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64505","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01548","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01541","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01698","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07276","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07223","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07304","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219","reference_id":"1121219","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121219"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416905","reference_id":"2416905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416905"},{"reference_url":"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37","reference_id":"6a528eb5fd0dd7f6de1c39d30de0e41473431c37","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37"},{"reference_url":"https://github.com/pnggroup/libpng/pull/748","reference_id":"748","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/pull/748"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42","reference_id":"GHSA-4952-h5wq-4m42","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T18:55:44Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"},{"reference_url":"https://usn.ubuntu.com/8081-1/","reference_id":"USN-8081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8081-1/"}],"fixed_packages":[],"aliases":["CVE-2025-64505"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwag-k17x-kyaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42453?format=json","vulnerability_id":"VCID-n4kj-urjq-2uav","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64720","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16669","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.17858","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27983","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27924","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27824","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27831","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27809","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.28025","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643","reference_id":"08da33b4c88cfcd36e5a706558a8d7e0e4773643","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217","reference_id":"1121217","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121217"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416904","reference_id":"2416904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416904"},{"reference_url":"https://github.com/pnggroup/libpng/issues/686","reference_id":"686","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/issues/686"},{"reference_url":"https://github.com/pnggroup/libpng/pull/751","reference_id":"751","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/pull/751"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww","reference_id":"GHSA-hfc7-ph9c-wcww","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:16Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0125","reference_id":"RHSA-2026:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0210","reference_id":"RHSA-2026:0210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0211","reference_id":"RHSA-2026:0211","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0211"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0212","reference_id":"RHSA-2026:0212","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0212"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0216","reference_id":"RHSA-2026:0216","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0216"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0234","reference_id":"RHSA-2026:0234","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0234"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0237","reference_id":"RHSA-2026:0237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0238","reference_id":"RHSA-2026:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0241","reference_id":"RHSA-2026:0241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0251","reference_id":"RHSA-2026:0251","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0251"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0313","reference_id":"RHSA-2026:0313","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0313"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0321","reference_id":"RHSA-2026:0321","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0321"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0322","reference_id":"RHSA-2026:0322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0323","reference_id":"RHSA-2026:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0323"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0414","reference_id":"RHSA-2026:0414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0847","reference_id":"RHSA-2026:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0848","reference_id":"RHSA-2026:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0849","reference_id":"RHSA-2026:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0895","reference_id":"RHSA-2026:0895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0897","reference_id":"RHSA-2026:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0899","reference_id":"RHSA-2026:0899","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0901","reference_id":"RHSA-2026:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0927","reference_id":"RHSA-2026:0927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0928","reference_id":"RHSA-2026:0928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0932","reference_id":"RHSA-2026:0932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:0933","reference_id":"RHSA-2026:0933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:0933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[],"aliases":["CVE-2025-64720"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4kj-urjq-2uav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42452?format=json","vulnerability_id":"VCID-p6b5-1ba6-b3f8","summary":"Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64506","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.044","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04344","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04364","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04685","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.073","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07286","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07276","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07207","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07223","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07278","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07304","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218","reference_id":"1121218","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416906","reference_id":"2416906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416906"},{"reference_url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821","reference_id":"2bd84c019c300b78e811743fbcddb67c9d9bf821","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"},{"reference_url":"https://github.com/pnggroup/libpng/pull/749","reference_id":"749","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/pull/749"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6","reference_id":"GHSA-qpr4-xm66-hww6","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:26:55Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"},{"reference_url":"https://security.gentoo.org/glsa/202511-06","reference_id":"GLSA-202511-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202511-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7924-1/","reference_id":"USN-7924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7924-1/"}],"fixed_packages":[],"aliases":["CVE-2025-64506"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p6b5-1ba6-b3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63978?format=json","vulnerability_id":"VCID-ptgq-884e-mkft","summary":"libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33636","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09508","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09521","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09555","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09569","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0954","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09418","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0942","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15197","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15193","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15153","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.16608","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33636"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013","reference_id":"1132013","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451819","reference_id":"2451819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451819"},{"reference_url":"https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869","reference_id":"7734cda20cf1236aef60f3bbd2267c97bbb40869","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"},{"reference_url":"https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3","reference_id":"aba9f18eba870d14fb52c5ba5d73451349e339c3","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2","reference_id":"GHSA-wjr5-c57x-95m2","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T18:45:14Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11805","reference_id":"RHSA-2026:11805","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11805"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11813","reference_id":"RHSA-2026:11813","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11813"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12264","reference_id":"RHSA-2026:12264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13342","reference_id":"RHSA-2026:13342","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13342"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7671","reference_id":"RHSA-2026:7671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7672","reference_id":"RHSA-2026:7672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8052","reference_id":"RHSA-2026:8052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8459","reference_id":"RHSA-2026:8459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9345","reference_id":"RHSA-2026:9345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9638","reference_id":"RHSA-2026:9638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9693","reference_id":"RHSA-2026:9693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9693"}],"fixed_packages":[],"aliases":["CVE-2026-33636"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ptgq-884e-mkft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65170?format=json","vulnerability_id":"VCID-rm7f-ybuf-dyfq","summary":"libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22695.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22695","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08627","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08657","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08673","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08548","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08535","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08689","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08702","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08655","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08597","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22695"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443","reference_id":"1125443","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125443"},{"reference_url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_id":"218612ddd6b17944e21eda56caf8b4bf7779d1ea","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428825","reference_id":"2428825","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428825"},{"reference_url":"https://github.com/pnggroup/libpng/issues/778","reference_id":"778","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/issues/778"},{"reference_url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2","reference_id":"e4f7ad4ea2","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp","reference_id":"GHSA-mmq5-27w3-rxpp","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:13:00Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/7963-1/","reference_id":"USN-7963-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7963-1/"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"}],"fixed_packages":[],"aliases":["CVE-2026-22695"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rm7f-ybuf-dyfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64864?format=json","vulnerability_id":"VCID-uxj6-4181-rygt","summary":"libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28164","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04684","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0444","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04659","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04513","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04503","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04489","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04471","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28164"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433398","reference_id":"2433398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433398"},{"reference_url":"https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20","reference_id":"506516f8c22178005b4379c8b2a7de20","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/"}],"url":"https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20"},{"reference_url":"https://github.com/pnggroup/libpng/issues/655","reference_id":"655","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-28T16:35:03Z/"}],"url":"https://github.com/pnggroup/libpng/issues/655"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7993-1/","reference_id":"USN-7993-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7993-1/"}],"fixed_packages":[],"aliases":["CVE-2025-28164"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxj6-4181-rygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64865?format=json","vulnerability_id":"VCID-uxqz-nx2v-6yc5","summary":"libpng: libpng: Denial of Service via buffer overflow in pngimage utility","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-28162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28162","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04684","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0444","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04448","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04586","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04624","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04659","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04497","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04513","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04503","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04489","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04471","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-28162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-28162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433407","reference_id":"2433407","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433407"},{"reference_url":"https://github.com/pnggroup/libpng/issues/656","reference_id":"656","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/"}],"url":"https://github.com/pnggroup/libpng/issues/656"},{"reference_url":"https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60","reference_id":"fbfdb9b5610c6b3db0d5dea045a07c60","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-29T14:44:12Z/"}],"url":"https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://usn.ubuntu.com/7993-1/","reference_id":"USN-7993-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7993-1/"}],"fixed_packages":[],"aliases":["CVE-2025-28162"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxqz-nx2v-6yc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64341?format=json","vulnerability_id":"VCID-xw1h-wg98-zuhj","summary":"libpng: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3713.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3713","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02835","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0285","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0286","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.02859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0406","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03937","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03925","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03945","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03974","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0399","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0402","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04074","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04126","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3713"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445566","reference_id":"2445566","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445566"},{"reference_url":"https://github.com/pnggroup/libpng/issues/794","reference_id":"794","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T13:42:50Z/"}],"url":"https://github.com/pnggroup/libpng/issues/794"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*"},{"reference_url":"https://vuldb.com/?ctiid.349658","reference_id":"?ctiid.349658","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T13:42:50Z/"}],"url":"https://vuldb.com/?ctiid.349658"},{"reference_url":"https://vuldb.com/?id.349658","reference_id":"?id.349658","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T13:42:50Z/"}],"url":"https://vuldb.com/?id.349658"},{"reference_url":"https://github.com/pnggroup/libpng/","reference_id":"libpng","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T13:42:50Z/"}],"url":"https://github.com/pnggroup/libpng/"},{"reference_url":"https://github.com/biniamf/pocs/tree/main/pnm2png","reference_id":"pnm2png","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T13:42:50Z/"}],"url":"https://github.com/biniamf/pocs/tree/main/pnm2png"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://vuldb.com/?submit.761996","reference_id":"?submit.761996","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T13:42:50Z/"}],"url":"https://vuldb.com/?submit.761996"}],"fixed_packages":[],"aliases":["CVE-2026-3713"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw1h-wg98-zuhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64639?format=json","vulnerability_id":"VCID-xyhj-84d1-dqh3","summary":"libpng: LIBPNG has a heap buffer overflow in png_set_quantize","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25646.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25646","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23103","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23085","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23042","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23035","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23599","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.2376","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23645","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26176","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_id":"01d03b8453eb30ade759cd45c707e5a1c7277d88","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566","reference_id":"1127566","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127566"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542","reference_id":"2438542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438542"},{"reference_url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3","reference_id":"GHSA-g8hp-mq4h-rqm3","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T15:31:50Z/"}],"url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10097","reference_id":"RHSA-2026:10097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3031","reference_id":"RHSA-2026:3031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3405","reference_id":"RHSA-2026:3405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3551","reference_id":"RHSA-2026:3551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3573","reference_id":"RHSA-2026:3573","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3573"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3574","reference_id":"RHSA-2026:3574","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3575","reference_id":"RHSA-2026:3575","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3576","reference_id":"RHSA-2026:3576","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3576"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3577","reference_id":"RHSA-2026:3577","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3577"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3968","reference_id":"RHSA-2026:3968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3969","reference_id":"RHSA-2026:3969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4221","reference_id":"RHSA-2026:4221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4222","reference_id":"RHSA-2026:4222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4306","reference_id":"RHSA-2026:4306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4501","reference_id":"RHSA-2026:4501","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4728","reference_id":"RHSA-2026:4728","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4728"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4729","reference_id":"RHSA-2026:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4730","reference_id":"RHSA-2026:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4731","reference_id":"RHSA-2026:4731","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4731"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4732","reference_id":"RHSA-2026:4732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4756","reference_id":"RHSA-2026:4756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5606","reference_id":"RHSA-2026:5606","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5606"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6439","reference_id":"RHSA-2026:6439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6445","reference_id":"RHSA-2026:6445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6466","reference_id":"RHSA-2026:6466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6467","reference_id":"RHSA-2026:6467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6468","reference_id":"RHSA-2026:6468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6469","reference_id":"RHSA-2026:6469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6553","reference_id":"RHSA-2026:6553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6732","reference_id":"RHSA-2026:6732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7032","reference_id":"RHSA-2026:7032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7033","reference_id":"RHSA-2026:7033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7034","reference_id":"RHSA-2026:7034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7035","reference_id":"RHSA-2026:7035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7036","reference_id":"RHSA-2026:7036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7239","reference_id":"RHSA-2026:7239","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7239"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7243","reference_id":"RHSA-2026:7243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8746","reference_id":"RHSA-2026:8746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8747","reference_id":"RHSA-2026:8747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8748","reference_id":"RHSA-2026:8748","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8748"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9254","reference_id":"RHSA-2026:9254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9254"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9255","reference_id":"RHSA-2026:9255","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9255"},{"reference_url":"https://usn.ubuntu.com/8035-1/","reference_id":"USN-8035-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8035-1/"},{"reference_url":"https://usn.ubuntu.com/8039-1/","reference_id":"USN-8039-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8039-1/"},{"reference_url":"https://usn.ubuntu.com/8081-1/","reference_id":"USN-8081-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8081-1/"}],"fixed_packages":[],"aliases":["CVE-2026-25646"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xyhj-84d1-dqh3"}],"fixing_vulnerabilities":[],"risk_score":"3.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libpng-main@1.6.56-1%3Farch=hum1"}