CVE-2025-66293
Published: March 12, 2025
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
HIGH
CVSS v3: 7.1
CVSS v3: 7.1
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | libpng (1.6.40) | Needs Triage | ||
| 25.4 | libpng (1.6.40) | Needs Triage | ||
| 25.3 | libpng (1.6.40) | Needs Triage | ||
| 25.2 | libpng (1.6.40) | Needs Triage | ||
| 25.1.1 | libpng (1.6.40) | Needs Triage | ||
| 25.1 | libpng (1.6.40) | Needs Triage | ||
| 24.4 | libpng (1.6.40) | Needs Triage | ||
| 24.4.0 | libpng (1.6.40) | Needs Triage | ||
| 24.3 | libpng (1.6.40) | Needs Triage | ||
| 24.2.1 | libpng (1.6.40) | Needs Triage | ||
| 24.2 | libpng (1.6.40) | Needs Triage | ||
| 24.1 | libpng (1.6.40) | Needs Triage | ||
| 23.3 | libpng (1.6.40) | Needs Triage | ||
| 23.2.1 | libpng (1.6.37) | Needs Triage | ||
| 23.2 | libpng (1.6.37) | Needs Triage | ||
| 23.1 | libpng (1.6.37) | Needs Triage | ||
| 22.4 | libpng (1.6.37) | Needs Triage | ||
| 22.3 | libpng (1.6.37) | Needs Triage | ||
| 22.2 | libpng (1.6.37) | Needs Triage | ||
| 22.1 | libpng (1.6.37) | Needs Triage | ||
| 21.11.1 | libpng (1.6.37) | Needs Triage | ||
| 21.11 | libpng (1.6.37) | Needs Triage | ||
| 21.8.1 | libpng (1.6.37) | Needs Triage | ||
| 21.8 | libpng (1.6.37) | Needs Triage | ||
| 21.5.1 | libpng (1.6.37) | Needs Triage | ||
| 21.5.0 | libpng (1.6.37) | Needs Triage | ||
| 21.2.0 | libpng (1.6.37) | Needs Triage | ||
| 11.4.20 | libpng (1.6.37) | Needs Triage | ||
| 11.4.19.3667 | libpng (1.6.37) | Needs Triage | ||
| 11.4.18.3599 | libpng (1.6.37) | Needs Triage | ||
| 11.4.17 | libpng (1.6.37) | Needs Triage | ||
| 11.4.16.3445 | libpng (1.6.28) | Needs Triage | ||
| 11.4.15.3368 | libpng (1.6.28) | Needs Triage | ||
| 11.4.14.3263 | libpng (1.6.28) | Needs Triage | ||
| 11.4.13.3179 | libpng (1.6.28) | Needs Triage | ||
| 11.4.12.3054 | libpng (1.6.28) | Needs Triage | ||
| 11.4.11.3040 | libpng (1.6.28) | Needs Triage | ||
| 11.4.11.2990 | libpng (1.6.28) | Needs Triage | ||
| 11.4.10.2934 | libpng (1.6.28) | Needs Triage | ||
| 11.4.9.2878 | libpng (1.6.28) | Needs Triage | ||
| 11.4.8.2822 | libpng (1.6.28) | Needs Triage |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
HIGH
Base Score
7.1
Base Severity
HIGH
Confidentiality Impact
LOW
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Version
3.1