CVE-2025-65018 — Heap-based Buffer Overflow in Libpng
Severity
7.1HIGHNVD
OSV6.1
EPSS
0.1%
top 73.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 25
Latest updateJan 15
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2
Affected Packages2 packages
Patches
🔴Vulnerability Details
5OSV▶
CVE-2026-22695: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files↗2026-01-12
CVEList▶
LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)↗2026-01-12
OSV▶
CVE-2025-65018: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files↗2025-11-25
CVEList▶
LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`↗2025-11-24
📋Vendor Advisories
8Microsoft▶
LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)↗2026-01-13
Red Hat▶
libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read↗2026-01-12
Debian▶
CVE-2026-22695: libpng1.6 - LIBPNG is a reference library for use in applications that read, create, and man...↗2026