原文
Message-ID: <CAAoVtZw-pkvsSTaXAHjDdUC3NRDwvwVNT8D4BpO5z3d79W-FVg@mail.gmail.com> Date: Sat, 22 Nov 2025 03:27:35 +0200 From: Cosmin Truta <[email protected]> To: [email protected] Subject: libpng 1.6.51: Four buffer overflow vulnerabilities fixed: CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018 Hello, everyone, libpng 1.6.51 has been released to address four buffer overflow vulnerabilities discovered through fuzzing and security research. This release fixes two high-severity and two moderate-severity CVEs affecting libpng 1.6.0 through 1.6.50. CVE-2025-64505 (CVSS 6.1, Moderate): Heap buffer over-read in png_do_quantize via malformed palette index. CVE-2025-64506 (CVSS 6.1, Moderate): Heap buffer over-read in png_write_image_8bit with 8-bit input and convert_to_8bit enabled. CVE-2025-64720 (CVSS 7.1, High): Out-of-bounds read in png_image_read_composite via palette premultiplication with PNG_FLAG_OPTIMIZE_ALPHA. CVE-2025-65018 (CVSS 7.1, High): Heap buffer overflow in png_combine_row triggered via png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. All vulnerabilities require user interaction (processing a malicious PNG file) and can result in information disclosure and/or denial of service. CVE-2025-65018 may enable arbitrary code execution via heap corruption in certain heap configurations. GitHub Security Advisories: - CVE-2025-64505: https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42 - CVE-2025-64506: https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6 - CVE-2025-64720: https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww - CVE-2025-65018: https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g Fixes: - CVE-2025-64505: https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 - CVE-2025-64506: https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 - CVE-2025-64720: https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 - CVE-2025-65018: https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea Note: CVE-2025-65018 requires both commits for correct remediation. Release: https://github.com/pnggroup/libpng/releases/tag/v1.6.51 Credit: Samsung-PENTEST (CVE-2025-64505, CVE-2025-64506, CVE-2025-64720), weijinjinnihao (CVE-2025-64506), yosiimich (CVE-2025-65018), with analysis by Fabio Gritti and John Bowler. Users should upgrade to libpng 1.6.51 immediately. Cosmin Truta libpng maintainer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.