Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

INFO

Published Date :

2025-11-24T23:50:18.294Z

Last Modified :

2025-11-25T19:29:33.633Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65018 vulnerability.

Vendors Products
Libpng
  • Libpng
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65018.

URL Resource
https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/issues/755 cve-icon cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/pull/757 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-65018 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-65018 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact