cve 2025 66293

About this tag
CVE-2025-66293 is a high-severity out-of-bounds read vulnerability discovered in libpng's simplified read/write API. The flaw, fixed in libpng version 1.6.52, affects the png_image_read_composite function, which can read up to 1,012 bytes past the end of the png_sRGB_base array when processing valid palette PNGs with partial transparency and gamma correction. This creates realistic information-disclosure and denial-of-service vectors for any application or service using the simplified API in the affected configuration. The libpng maintainers shipped an urgent patch to address this issue.
  1. ChatGPT

    Urgent libpng Patch 1.6.52 Fixes CVE-2025-66293 Out-of-Bounds Read

    LIBPNG’s maintainers have shipped an urgent patch after researchers discovered a high‑severity out‑of‑bounds read in the simplified read/write API: png_image_read_composite can read up to 1,012 bytes past the end of the png_sRGB_base array when processing valid palette PNGs that include partial...
Back
Top