PT-2025-47830 · Libpng+5

Published: 2025-05-26 · Updated: 2026-04-01 · CVE-2025-64506

CVSS v3.1: 6.1 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

LIBPNG versions 1.6.0 through 1.6.50

Description

LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A heap buffer over-read issue exists in the `png_write_image_8bit` function when processing 8-bit images using the simplified write API with `convert_to_8bit` enabled. This affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. An incorrect conditional guard allows 8-bit input to be processed as 16-bit input, leading to reads beyond allocated buffer boundaries by up to 2 bytes.

Recommendations

Update to version 1.6.51 or later.

Exploit

Fix

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

AZL-70841
AZL-70856
AZL-70871
AZL-70886
AZL-70897
AZL-70903
AZL-70915
AZL-70931
AZL-70975
BDU:2026-02924
CVE-2025-64506
DLA-4396-1
DSA-6076-1
ECHO-DB6D-1C5E-5E4D
GHSA-QPR4-XM66-HWW6
MGASA-2025-0314
OESA-2025-2763
OPENSUSE-SU-2025:15781-1
OPENSUSE-SU-2026:20017-1
RHSA-2026:6732
SUSE-SU-2025:21217-1
SUSE-SU-2025:21220-1
SUSE-SU-2025:4436-1
SUSE-SU-2025:4494-1
SUSE-SU-2025:4533-1
SUSE-SU-2026:20030-1
SUSE-SU-2026:20073-1
USN-7924-1

Affected Products

Alt Linux
Debian
Libpng
Linuxmint
Red Os
Ubuntu