vulnerability
Ubuntu: USN-7924-1 (CVE-2025-65018): libpng vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:N/I:C/A:C) | Nov 25, 2025 | Dec 12, 2025 | Dec 15, 2025 |
Description
It was discovered that libpng incorrectly handled memory when processing
certain PNG files, which could result in an out-of-bounds memory access.
If a user or automated system were tricked into opening a specially
crafted PNG file, an attacker could use this issue to cause libpng to
crash, resulting in a denial of service. (CVE-2025-64505)
It was discovered that libpng incorrectly handled memory when processing
8-bit images through the simplified write API with 'convert_to_8bit'
enabled, which could result in an out-of-bounds memory access. If a user
or automated system were tricked into opening a specially crafted 8-bit
PNG file, an attacker could use this issue to cause libpng to crash,
resulting in a denial of service. (CVE-2025-64506)
It was discovered that libpng incorrectly handled memory when processing
palette images with 'PNG_FLAG_OPTIMIZE_ALPHA' enabled, which could result
in an out-of-bounds memory access. If a user or automated system were
tricked into opening a specially crafted PNG file, an attacker could use
this issue to cause libpng to crash, resulting in a denial of service.
(CVE-2025-64720)
It was discovered that libpng incorrectly handled memory when processing
6-bit interlaced PNGs with 8-bit output format, which could result in an
out-of-bounds memory access. If a user or automated system were tricked
into opening a specially crafted PNG file, an attacker could use this
issue to cause libpng to crash, resulting in a denial of service.
(CVE-2025-65018)
Solutions
References
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.