You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 66293
About this tag
CVE-2025-66293 is a high-severity out-of-bounds read vulnerability discovered in libpng's simplified read/write API. The flaw, fixed in libpng version 1.6.52, affects the png_image_read_composite function, which can read up to 1,012 bytes past the end of the png_sRGB_base array when processing valid palette PNGs with partial transparency and gamma correction. This creates realistic information-disclosure and denial-of-service vectors for any application or service using the simplified API in the affected configuration. The libpng maintainers shipped an urgent patch to address this issue.
LIBPNG’s maintainers have shipped an urgent patch after researchers discovered a high‑severity out‑of‑bounds read in the simplified read/write API: png_image_read_composite can read up to 1,012 bytes past the end of the png_sRGB_base array when processing valid palette PNGs that include partial...