Bug 2416905 (CVE-2025-64505) - CVE-2025-64505 libpng: LIBPNG heap buffer overflow via malformed palette index
Summary: CVE-2025-64505 libpng: LIBPNG heap buffer overflow via malformed palette index
Keywords:
Status: NEW
Alias: CVE-2025-64505
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2418394 2418395 2418397 2418398 2418400 2418401 2418402 2418403 2418405 2418406 2418407 2418408 2418409 2418411 2418412 2418416 2418417 2418418 2418419 2418420 2418421 2418422 2418423 2418424 2418396 2418399 2418404 2418410 2418413 2418414 2418415 2418425 2418426 2418427
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-11-25 00:01 UTC by OSIDB Bzimport
Modified: 2026-01-05 15:05 UTC (History)
21 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-11-25 00:01:24 UTC 
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
Note You need to log in before you can comment on or make changes to this bug.