vulnerability

Ubuntu: USN-7924-1 (CVE-2025-64720): libpng vulnerabilities

Try Surface Command
Back to search
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:C)
Published
Nov 25, 2025
Added
Dec 12, 2025
Modified
Dec 15, 2025

Description

It was discovered that libpng incorrectly handled memory when processing
certain PNG files, which could result in an out-of-bounds memory access.
If a user or automated system were tricked into opening a specially
crafted PNG file, an attacker could use this issue to cause libpng to
crash, resulting in a denial of service. (CVE-2025-64505)

It was discovered that libpng incorrectly handled memory when processing
8-bit images through the simplified write API with 'convert_to_8bit'
enabled, which could result in an out-of-bounds memory access. If a user
or automated system were tricked into opening a specially crafted 8-bit
PNG file, an attacker could use this issue to cause libpng to crash,
resulting in a denial of service. (CVE-2025-64506)

It was discovered that libpng incorrectly handled memory when processing
palette images with 'PNG_FLAG_OPTIMIZE_ALPHA' enabled, which could result
in an out-of-bounds memory access. If a user or automated system were
tricked into opening a specially crafted PNG file, an attacker could use
this issue to cause libpng to crash, resulting in a denial of service.
(CVE-2025-64720)

It was discovered that libpng incorrectly handled memory when processing
6-bit interlaced PNGs with 8-bit output format, which could result in an
out-of-bounds memory access. If a user or automated system were tricked
into opening a specially crafted PNG file, an attacker could use this
issue to cause libpng to crash, resulting in a denial of service.
(CVE-2025-65018)

Solutions

ubuntu-pro-upgrade-libpng16-16ubuntu-pro-upgrade-libpng16-16t64

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today