CVE-2025-66293

03.12.2025, 21:15

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
GitHub_M	CNA	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

libpng1.6

bullseye	vulnerable
bookworm	vulnerable
trixie	vulnerable
forky	vulnerable
sid	1.6.52-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libpng

questing	dne
plucky	dne
noble	dne
jammy	dne
xenial	needs-triage
trusty	needs-triage

libpng1.6

questing	needs-triage
plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

firefox

questing	not-affected
plucky	not-affected
noble	not-affected
jammy	not-affected

thunderbird

questing	needs-triage
plucky	needs-triage
noble	needs-triage
jammy	needs-triage

chromium-browser

questing	not-affected
plucky	not-affected
noble	not-affected
jammy	not-affected

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] libpng: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libpng ausnutzen, um einen Denial of Service Angriff durchzuführen, und um Informationen offenzulegen.
Published: 2025-12-03T23:00:00+00:00

References

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

https://github.com/pnggroup/libpng/issues/764

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f

http://www.openwall.com/lists/oss-security/2025/12/03/6

http://www.openwall.com/lists/oss-security/2025/12/03/7

http://www.openwall.com/lists/oss-security/2025/12/03/8

https://github.com/pnggroup/libpng/issues/764