Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.

INFO

Published Date :

2025-11-24T23:41:09.207Z

Last Modified :

2025-11-25T19:27:04.161Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64506 vulnerability.

Vendors Products
Libpng
  • Libpng
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64506.

URL Resource
https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/pull/749 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-64506 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-64506 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact