CVE-2025-64720

EUVD-2025-199237

25.11.2025, 00:15

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
libpng	libpng	1.6.0 ≤ 𝑥 < 1.6.51

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1607 (x64, x86)	KB5082198
1809 (x64, x86)	KB5082123
21H2 (arm64, x64, x86)	KB5082200
22H2 (arm64, x64, x86)	KB5082200

Windows 11

23H2 (arm64, x64)	KB5082052
24H2 (arm64, x64)	KB5082063
25H2 (x64)	KB5083769
26H1 (arm64, x64)	KB5083768

Windows Server 2012

Server Core	KB5082127
Standard	KB5082127

Windows Server 2012 R2

Server Core	KB5082126
Standard	KB5082126

Windows Server 2016

Server Core	KB5082198
Standard	KB5082198

Windows Server 2019

Server Core	KB5082123
Standard	KB5082123

Windows Server 2022

23H2 Server Core	KB5082060
Server Core	KB5082142
Standard	KB5082142

Windows Server 2025

Server Core	KB5082063
Standard	KB5082063

Debian Releases

Debian Product

Codename

libpng1.6

bookworm	1.6.39-2+deb12u1 fixed
bookworm (security)	1.6.39-2+deb12u4 fixed
bullseye	vulnerable
bullseye (security)	1.6.37-3+deb11u3 fixed
forky	1.6.56-1 fixed
sid	1.6.58-1 fixed
trixie	1.6.48-1+deb13u3 fixed
trixie (security)	1.6.48-1+deb13u4 fixed

Ubuntu Releases

Ubuntu Product

Codename

libpng

jammy	dne
noble	dne
plucky	dne
questing	dne
trusty	not-affected
xenial	not-affected

libpng1.6

bionic	Fixed 1.6.34-1ubuntu0.18.04.2+esm1 released
focal	Fixed 1.6.37-2ubuntu0.1~esm1 released
jammy	Fixed 1.6.37-3ubuntu0.1 released
noble	Fixed 1.6.43-5ubuntu0.1 released
plucky	Fixed 1.6.47-1.1ubuntu0.1 released
questing	Fixed 1.6.50-1ubuntu0.1 released
xenial	Fixed 1.6.20-2ubuntu0.1~esm2 released

firefox

jammy	not-affected
noble	not-affected
plucky	not-affected
questing	not-affected

thunderbird

jammy	not-affected
noble	not-affected
plucky	ignored
questing	not-affected

chromium-browser

jammy	not-affected
noble	not-affected
plucky	not-affected
questing	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643

https://github.com/pnggroup/libpng/issues/686

https://github.com/pnggroup/libpng/pull/751

https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww