CVE-2025-66293Out-of-bounds Read in Libpng

CWE-125Out-of-bounds Read11 documents8 sources
Severity
7.1HIGHNVD
EPSS
0.1%
top 69.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pnggroup LibpngLibpng
Timeline
PublishedDec 3
Latest updateFeb 12

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state ma

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

NVDlibpng/libpng< 1.6.52
CVEListV5pnggroup/libpng< 1.6.52

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
libpng1.6 vulnerabilities2026-02-12
OSV
libpng1.6 vulnerabilities2026-01-14
OSV
CVE-2025-66293: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files2025-12-03
CVEList
LIBPNG has an out-of-bounds read in png_image_read_composite2025-12-03

📋Vendor Advisories

5
Ubuntu
libpng vulnerabilities2026-02-12
Ubuntu
libpng vulnerabilities2026-01-14
Microsoft
LIBPNG has an out-of-bounds read in png_image_read_composite2025-12-09
Red Hat
libpng: LIBPNG out-of-bounds read in png_image_read_composite2025-12-03
Debian
CVE-2025-66293: libpng1.6 - LIBPNG is a reference library for use in applications that read, create, and man...2025

💬Community

1
Bugzilla
CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite2025-12-03