It was discovered that libpng incorrectly handled memory when processing certain PNG files, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64505) It was discovered that libpng incorrectly handled memory when processing 8-bit images through the simplified write API with 'convert_to_8bit' enabled, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted 8-bit PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64506) It was discovered that libpng incorrectly handled memory when processing palette images with 'PNG_FLAG_OPTIMIZE_ALPHA' enabled, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64720) It was discovered that libpng incorrectly handled memory when processing 6-bit interlaced PNGs with 8-bit output format, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-65018)
Continue reading...
Continue reading...
