2418711 – (CVE-2025-66293) CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite

Bug 2418711 (CVE-2025-66293) - CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite

Summary: CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite

Keywords:
Status:	NEW
Alias:	CVE-2025-66293
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2418723 2418724 2418725 2418726 2418727 2418728 2418729 2418730 2418731 2418732 2418733 2418734 2418735 2418736 2418739 2418740 2418741 2418742 2418743 2418744 2418745 2418746 2418747 2418750 2418751 2418737 2418738 2418748 2418749
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-03 21:01 UTC by OSIDB Bzimport
Modified:	2025-12-03 23:07 UTC (History)
CC List:	17 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-03 21:01:34 UTC

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Note You need to log in before you can comment on or make changes to this bug.