Bug 2416906 (CVE-2025-64506) - CVE-2025-64506 libpng: LIBPNG heap buffer over-read
Summary: CVE-2025-64506 libpng: LIBPNG heap buffer over-read
Status: NEW
Alias: CVE-2025-64506
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: medium medium
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2417422 2417425 2417428 2417430 2417432 2417435 2417438 2417440 2417445 2417449 2417451 2417453 2417455 2417462 2417465 2417474 2417477 2417479 2417481 2417483 2417485 2417490 2417459 2417468 2417470 2417487 2417489 2417491 2417492
Reported: 2025-11-25 00:01 UTC by OSIDB Bzimport
Modified: 2026-01-05 15:05 UTC (History)

Description OSIDB Bzimport 2025-11-25 00:01:31 UTC
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.
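Two checks a packager or application owner can run against this advisory, as an added example that is not code from libpng or from the bug report: whether a libpng version string (or the numeric PNG_LIBPNG_VER form) falls in the affected range, and whether a simplified-API write call combines 8-bit rows with convert_to_8bit, the condition the description names. The PNG_FORMAT_FLAG_LINEAR value is assumed from png.h; the png_image structure itself is not modelled.

```python
# Added triage helper for CVE-2025-64506; not part of libpng or the bug report.
import re

AFFECTED_FROM = (1, 6, 0)   # first affected release, per the advisory
FIXED_IN = (1, 6, 51)       # release that carries the fix, per the advisory
PNG_FORMAT_FLAG_LINEAR = 0x04  # assumed value from png.h: 16-bit linear samples


def parse_version(text: str) -> tuple:
    """Accept '1.6.50' style strings (trailing tags ignored) or PNG_LIBPNG_VER digits."""
    text = text.strip()
    if text.isdigit():
        # PNG_LIBPNG_VER encodes major*10000 + minor*100 + release, e.g. 10650
        n = int(text)
        return (n // 10000, (n // 100) % 100, n % 100)
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised libpng version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(version: str) -> bool:
    """True when 1.6.0 <= version < 1.6.51."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def write_call_hits_affected_path(image_format: int, convert_to_8bit: bool) -> bool:
    """True when a simplified-API write passes 8-bit rows with convert_to_8bit set.

    convert_to_8bit is meant for 16-bit linear input (PNG_FORMAT_FLAG_LINEAR);
    the advisory describes 8-bit input reaching that code path as the bug.
    """
    is_16bit_linear = bool(image_format & PNG_FORMAT_FLAG_LINEAR)
    return bool(convert_to_8bit) and not is_16bit_linear


def triage(version: str, image_format: int, convert_to_8bit: bool) -> str:
    """Combine the version and call-site checks into one verdict string."""
    if not is_affected_version(version):
        return "not affected: libpng version outside 1.6.0 <= v < 1.6.51"
    if not write_call_hits_affected_path(image_format, convert_to_8bit):
        return "affected version, but this call does not take the 8-bit convert_to_8bit path"
    return "affected: 8-bit image written with convert_to_8bit on a vulnerable libpng"
```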