CVE-2025-65018

Summary

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

Affected Software

VendorProductVersion RangeStatus
pnggrouplibpng>= 1.6.0, < 1.6.51affected

Weaknesses

  • CWE-787: CWE-787: Out-of-bounds Write
  • CWE-122: CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References