CVE-2025-66293

EUVD-2025-201132

03.12.2025, 21:15

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
GitHub_M	CNA	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Affected Products (NVD)

Vendor	Product	Version
libpng	libpng	𝑥 < 1.6.52

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libpng1.6

bookworm	1.6.39-2+deb12u1 fixed
bookworm (security)	1.6.39-2+deb12u3 fixed
bullseye	vulnerable
bullseye (security)	1.6.37-3+deb11u2 fixed
forky	1.6.55-1 fixed
sid	1.6.55-1 fixed
trixie	1.6.48-1+deb13u1 fixed
trixie (security)	1.6.48-1+deb13u3 fixed

Ubuntu Releases

Ubuntu Product

Codename

libpng

jammy	dne
noble	dne
plucky	dne
questing	dne
trusty	not-affected
xenial	not-affected

firefox

jammy	not-affected
noble	not-affected
plucky	not-affected
questing	not-affected

thunderbird

jammy	not-affected
noble	not-affected
plucky	ignored
questing	not-affected

chromium-browser

jammy	not-affected
noble	not-affected
plucky	not-affected
questing	not-affected

libpng1.6

bionic	Fixed 1.6.34-1ubuntu0.18.04.2+esm2 released
focal	Fixed 1.6.37-2ubuntu0.1~esm2 released
jammy	Fixed 1.6.37-3ubuntu0.3 released
noble	Fixed 1.6.43-5ubuntu0.3 released
plucky	Fixed 1.6.47-1.1ubuntu0.3 released
questing	Fixed 1.6.50-1ubuntu0.3 released
xenial	Fixed 1.6.20-2ubuntu0.1~esm3 released

Known Exploits!

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

https://github.com/pnggroup/libpng/issues/764

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

http://www.openwall.com/lists/oss-security/2025/12/03/6

http://www.openwall.com/lists/oss-security/2025/12/03/7

http://www.openwall.com/lists/oss-security/2025/12/03/8

https://github.com/pnggroup/libpng/issues/764