Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.

INFO

Published Date :

2025-11-24T23:38:40.405Z

Last Modified :

2025-11-25T18:55:50.619Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64505 vulnerability.

Vendors Products
Libpng
  • Libpng
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64505.

URL Resource
https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/pull/748 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-64505 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-64505 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact