24h | 7d | 30d

Overview

  • pnggroup
  • libpng

24 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.03%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Profile picture
Critical security update for #SUSE Linux systems. The libpng16 library vulnerabilities (CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018) require immediate attention. Read more: 👉 tinyurl.com/s3hj57cu #Security
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • pnggroup
  • libpng

24 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
MEDIUM (6.1)
EPSS
0.02%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Profile picture
Critical security update for #SUSE Linux systems. The libpng16 library vulnerabilities (CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018) require immediate attention. Read more: 👉 tinyurl.com/s3hj57cu #Security
  • 0
  • 0
  • 0
  • 14h ago

Overview

  • pnggroup
  • libpng

24 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
HIGH (7.1)
EPSS
0.05%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Profile picture
Critical security update for #SUSE Linux systems. The libpng16 library vulnerabilities (CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018) require immediate attention. Read more: 👉 tinyurl.com/s3hj57cu #Security
  • 0
  • 0
  • 0
  • 14h ago
Showing 61 to 63 of 63 CVEs