PT-2025-48996 · Libpng+9
Published: 2025-12-03 · Updated: 2026-04-01 · CVE-2025-66293
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libpng versions prior to 1.6.52
Description
libpng is a library for reading, creating, and manipulating PNG raster image files. A flaw exists in libpng's simplified API: processing a valid palette PNG image that has partial transparency and gamma correction can lead to an out-of-bounds read. Specifically, the png_sRGB_base[512] array can be read beyond its bounds by up to 1012 bytes. The vulnerability is caused by an issue in libpng's internal state management when handling this kind of PNG image. The affected function is png_image_read_composite. The PNG files that trigger this issue are valid according to the PNG specification.
Recommendations
Upgrade to libpng version 1.6.52 or later.
Exploit
Fix
DoS
RCE
Out-of-bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Red Hat
RED OS
Rocky Linux
Ubuntu
libpng