2416904 – (CVE-2025-64720) CVE-2025-64720 libpng: LIBPNG buffer overflow

Bug 2416904 (CVE-2025-64720) - CVE-2025-64720 libpng: LIBPNG buffer overflow

Summary: CVE-2025-64720 libpng: LIBPNG buffer overflow

Keywords:
Status:	NEW
Alias:	CVE-2025-64720
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2417401 2417402 2417403 2417404 2417405 2417406 2417408 2417411 2417414 2417418 2417420 2417424 2417426 2417429 2417434 2417436 2417439 2417441 2417443 2417447 2417450 2417454 2417457 2417461 2417464 2417467 2417469 2417472 2417476
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-25 00:01 UTC by OSIDB Bzimport
Modified:	2025-11-27 00:49 UTC (History)
CC List:	17 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-25 00:01:18 UTC

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.

Note You need to log in before you can comment on or make changes to this bug.