Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

INFO

Published Date :

2025-11-24T23:45:38.315Z

Last Modified :

2025-11-25T19:28:20.336Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64720 vulnerability.

Vendors Products
Libpng
  • Libpng
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64720.

URL Resource
https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/issues/686 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/pull/751 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-64720 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-64720 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact