CVE-2025-66293

03.12.2025, 21:15

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
GitHub_M	CNA	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Vendor	Product	Version
libpng	libpng	𝑥 < 1.6.52

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libpng1.6

bullseye	vulnerable
bullseye (security)	1.6.37-3+deb11u1 fixed
bookworm	1.6.39-2+deb12u1 fixed
bookworm (security)	1.6.39-2+deb12u1 fixed
trixie (security)	1.6.48-1+deb13u1 fixed
trixie	1.6.48-1+deb13u1 fixed
forky	1.6.53-1 fixed
sid	1.6.53-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libpng

questing	dne
plucky	dne
noble	dne
jammy	dne
xenial	not-affected
trusty	not-affected

libpng1.6

questing	Fixed 1.6.50-1ubuntu0.3 released
plucky	Fixed 1.6.47-1.1ubuntu0.3 released
noble	Fixed 1.6.43-5ubuntu0.3 released
jammy	Fixed 1.6.37-3ubuntu0.3 released
focal	needs-triage
bionic	needs-triage
xenial	needs-triage