PT-2025-47832 · Sony+10 · Playstation 4+11
Published: 2025-11-22 · Updated: 2026-06-01 · CVE-2025-65018
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
libpng versions 1.6.0 through 1.6.50
libpng1.6 (affected versions not specified)
Description
The libpng library contains a heap buffer overflow in the png_image_finish_read function when processing 16-bit interlaced PNGs with 8-bit output format. This can occur when handling specially crafted PNG files, potentially leading to memory corruption, arbitrary code execution, or denial of service. The vulnerability is triggered via the png_combine_row function. Approximately 600 dependent packages in Ubuntu may be affected. The PlayStation 4 (PS4) and PlayStation 5 (PS5) are also potentially affected, with versions PS5 12.20 and PS4 13.02 theoretically vulnerable.
Recommendations
Upgrade to libpng version 1.6.51 or later.
For Debian oldstable distribution (bookworm), upgrade to libpng1.6 version 1.6.39-2+deb12u1 or later.
For Debian stable distribution (trixie), upgrade to libpng1.6 version 1.6.48-1+deb13u1 or later.
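The input properties named in the description (16-bit samples and interlacing) are recorded in a PNG's IHDR chunk, so files can be triaged from the first 33 bytes without decoding them while the upgrade is rolled out. The C check below is an added example, not code from libpng or from this advisory; png_ihdr_triage, make_sample_header and the result codes are hypothetical names, and the sample header is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; not part of the libpng API. */
enum { PNG_TRIAGE_INVALID = -1, PNG_TRIAGE_OK = 0, PNG_TRIAGE_FLAG = 1 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Bitwise CRC-32 as used for PNG chunks (covers chunk type + chunk data). */
static uint32_t png_crc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return c ^ 0xFFFFFFFFu;
}

/* Reads only signature + IHDR (first 33 bytes); never decodes image data. */
int png_ihdr_triage(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n'};
    if (len < 33 || memcmp(buf, sig, 8) != 0) return PNG_TRIAGE_INVALID;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return PNG_TRIAGE_INVALID;
    if (png_crc(buf + 12, 17) != be32(buf + 29)) return PNG_TRIAGE_INVALID;
    /* IHDR data: width(4) height(4) bit_depth color_type compression filter interlace */
    return (buf[24] == 16 && buf[28] == 1) ? PNG_TRIAGE_FLAG : PNG_TRIAGE_OK;
}

/* Constructed 4x4 header only (no image data), for exercising the check. */
void make_sample_header(uint8_t out[33], uint8_t depth, uint8_t color, uint8_t interlace) {
    static const uint8_t head[16] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n',
                                     0, 0, 0, 13, 'I', 'H', 'D', 'R'};
    memcpy(out, head, 16);
    memset(out + 16, 0, 17);
    out[19] = 4; out[23] = 4;                       /* width = height = 4 */
    out[24] = depth; out[25] = color; out[28] = interlace;
    uint32_t crc = png_crc(out + 12, 17);
    out[29] = (uint8_t)(crc >> 24); out[30] = (uint8_t)(crc >> 16);
    out[31] = (uint8_t)(crc >> 8);  out[32] = (uint8_t)crc;
}

int main(void) {
    uint8_t h[33];
    make_sample_header(h, 16, 2, 1);                /* 16-bit RGB, Adam7 interlaced */
    printf("16-bit interlaced: %d\n", png_ihdr_triage(h, sizeof h));
    return 0;
}
```

A flagged file is not necessarily malicious; the check only identifies inputs with the bit depth and interlacing named in the description, so they can be held back from decoders that have not yet been upgraded.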
Exploit
Fix
DoS
Heap Based Buffer Overflow
Memory Corruption
Affected Products
Alt Linux
Almalinux
Centos
Debian
Linuxmint
Playstation 4
Playstation 5
Red Hat
Red Os
Rocky Linux
Ubuntu
Libpng