{"id":"CVE-2025-64506","summary":"LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images","details":"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.","aliases":["GHSA-qpr4-xm66-hww6"],"modified":"2026-05-18T05:59:38.318711139Z","published":"2025-11-24T23:41:09.207Z","related":["SUSE-SU-2025:21217-1","SUSE-SU-2025:21220-1","SUSE-SU-2025:4436-1","SUSE-SU-2025:4494-1","SUSE-SU-2025:4533-1","SUSE-SU-2026:20030-1","SUSE-SU-2026:20073-1","openSUSE-SU-2025:15781-1","openSUSE-SU-2026:20017-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64506.json","cwe_ids":["CWE-125"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64506.json"},{"type":"ADVISORY","url":"https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64506"},{"type":"FIX","url":"https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"},{"type":"FIX","url":"https://github.com/pnggroup/libpng/pull/749"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pnggroup/libpng","events":[{"introduced":"c53778ff53a73ad2d676602f5dc7019566be5058"},{"fixed":"49363adcfaf098748d7a4c8c624ad8c45a8c3a86"}]}],"versions":["v1.6.50","v1.6.49","v1.6.48","v1.6.47","v1.6.46","v1.6.45","v1.6.44","v1.6.43","v1.6.42","v1.6.41","v1.6.40","v1.6.39","v1.6.38","v1.6.37","v1.6.36","v1.6.35","v1.6.35beta01","v1.6.34","v1.6.33","v1.6.33rc02","v1.6.33rc01","v1.6.33beta03","v1.6.33beta02","v1.6.33beta01","v1.6.32","v1.6.32rc02","v1.6.32rc01","v1.6.32beta11","v1.6.32beta10","v1.6.32beta09","v1.6.32beta08","v1.6.32beta07","v1.6.32beta06","v1.6.32beta05","v1.6.32beta03","v1.6.32beta02","v1.6.32beta01","v1.6.31","libpng-1.6.31-signed","libpng-1.6.31-master-signed","v1.6.31rc02","v1.6.31rc01","v1.6.31beta07","v1.6.31beta06","v1.6.31beta05","v1.6.31beta04","v1.6.31beta03","v1.6.31beta02","v1.6.31beta01","v1.6.30","libpng-1.6.30-signed","libpng-1.6.30-master-signed","v1.6.30rc01","v1.6.30beta04","v1.6.30beta03","v1.6.30beta02","v1.6.30beta01","v1.6.29","libpng-1.6.29-signed","v1.6.29rc01","v1.6.29beta03","v1.6.29beta02","v1.6.27beta01","v1.6.26","libpng-1.6.26-signed","v1.6.26rc01","v1.6.26beta06","v1.6.26beta05","v1.6.26beta04","v1.6.26beta03","v1.6.26beta02","v1.6.26beta01","v1.6.25","libpng-1.6.25-signed","v1.6.25rc04","v1.6.25beta02","v1.6.24","libpng-1.6.24-signed","v1.6.24rc03","v1.6.24rc02","v1.6.24rc01","v1.6.24beta06","v1.6.24beta05","v1.6.24beta04","v1.6.24beta03","v1.6.24beta02","v1.6.23","libpng-1.6.23-signed","v1.6.23rc02","v1.6.23rc01","v1.6.23beta01","v1.6.22","v1.6.22rc03","v1.6.22rc02","v1.6.22rc01","v1.6.22beta06","v1.6.22beta05","v1.6.22beta02","v1.6.22beta01","v1.6.21","libpng-1.6.21-signed","v1.6.21rc02","v1.6.21rc01","v1.6.21beta03","v1.6.21beta02","v1.6.21beta01","libpng-1.6.20-signed","v1.6.20rc02","v1.6.20rc01","v1.6.20beta03","v1.6.20beta02","v1.6.20beta01","v1.6.19","v1.6.19rc04","v1.6.19rc03","v1.6.19rc02","v1.6.19rc01","v1.6.19beta04","v1.6.19beta03","v1.6.19beta02","v1.6.19beta01","v1.6.18","libpng-1.6.18-signed","v1.6.18rc03","v1.6.18rc02","v1.6.18rc01","v1.6.18beta09","v1.6.18beta08","v1.6.18beta07","v1.6.18beta06","v1.6.18beta05","v1.6.18beta04","v1.6.18beta03","v1.6.18beta02","v1.6.18beta01","v1.6.17","libpng-1.6.17-signed","v1.6.17rc06","v1.6.17rc05","v1.6.17rc04","v1.6.17rc03","v1.6.17rc02","v1.6.17rc01","v1.6.17beta05","v1.6.17beta04","v1.6.17beta03","v1.6.17beta02","v1.6.17beta01","v1.6.16","libpng-1.6.16-signed","v1.6.16rc03","v1.6.16rc02","v1.6.16rc01","v1.6.16beta03","v1.6.16beta02","v1.6.16beta01","v1.6.15","libpng-1.6.15-signed","v1.6.15rc03","v1.6.15rc02","v1.6.15rc01","v1.6.15beta08","v1.6.15beta07","v1.6.15beta06","v1.6.15beta05","v1.6.15beta04","v1.6.15beta03","v1.6.15beta02","v1.6.15beta01","v1.6.14","libpng-1.6.14-signed","v1.6.14rc02","v1.6.14rc01","v1.6.14beta07","v1.6.14beta06","v1.6.14beta05","v1.6.14beta04","v1.6.14beta03","v1.6.14beta02","v1.6.14beta01","v1.6.13","libpng-1.6.13-signed","v1.6.13rc01","v1.6.13beta04","v1.6.13beta03","v1.6.13beta02","v1.6.13beta01","v1.6.12","libpng-1.6.12-signed","v1.6.12rc03","v1.6.12rc02","v1.6.12rc01","v1.6.11","libpng-1.6.11-signed","v1.6.11rc02","v1.6.11rc01","v1.6.11beta06","v1.6.11beta05","v1.6.11beta04","v1.6.11beta03","v1.6.11beta02","v1.6.11beta01","v1.6.10","libpng-1.6.10-signed","v1.6.10rc03","v1.6.10rc02","v1.6.10rc01","v1.6.10beta02","v1.6.10beta01","v1.6.9","libpng-1.6.9-signed","v1.6.9rc02","v1.6.9rc01","v1.6.9beta03","v1.6.9beta02","v1.6.9beta01","v1.6.8","libpng-1.6.8-signed","v1.6.8rc02","v1.6.8beta02","v1.6.8beta01","v1.6.7","libpng-1.6.7-signed","v1.6.7rc02","v1.6.7rc01","v1.6.7beta04","v1.6.7beta03","v1.6.7beta02","v1.6.7beta01","v1.6.6","v1.6.5","v1.6.4","libpng-1.6.4-signed","v1.6.4rc01","v1.6.4beta02","v1.6.3","libpng-1.6.3-signed","v1.6.3rc01","v1.6.3beta10","v1.6.3beta09","v1.6.3beta08","v1.6.3beta07","v1.6.3beta06","v1.6.3beta05","v1.6.3beta04","v1.6.3beta03","v1.6.3beta02","v1.6.3beta01","v1.6.2","libpng-1.6.2-signed","v1.6.2rc06","v1.6.2rc05","v1.6.2rc04","v1.6.2rc03","v1.6.2rc02","v1.6.2rc01","v1.6.2beta02","v1.6.2beta01","v1.6.1","v1.6.1rc01","v1.6.1beta09","v1.6.1beta08","v1.6.1beta07","v1.6.1beta06","v1.6.1beta05","v1.6.1beta04","v1.6.1beta03","v1.6.1beta02","v1.6.1beta01","v1.6.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-64506.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}]}