CVE-2025-64720

7.1 HIGH

📋 TL;DR

This CVE describes an out-of-bounds read vulnerability in LIBPNG library versions 1.6.0 through 1.6.50. When processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled, the library incorrectly applies background compositing during premultiplication, potentially allowing attackers to read memory beyond allocated buffers. Applications using the affected LIBPNG versions to process PNG images are vulnerable.

💻 Affected Systems

Products:
  • LIBPNG (libpng library)
  • Applications using libpng for PNG image processing
Versions: 1.6.0 to 1.6.50
Operating Systems: All operating systems using affected libpng versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when PNG_FLAG_OPTIMIZE_ALPHA is enabled during palette image processing.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure through memory leakage, potentially exposing sensitive data or application memory contents to attackers.

🟠 Likely Case: Application crashes (denial of service) or information leakage of adjacent memory contents.

🟢 If Mitigated: Minimal impact if proper input validation and memory protections are in place.

🌐 Internet-Facing: MEDIUM - Many web applications process user-uploaded PNG images, but exploitation requires specific PNG_FLAG_OPTIMIZE_ALPHA configuration.
🏢 Internal Only: LOW - Internal applications typically process trusted images, reducing attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious PNG images and the specific flag configuration. No public exploits currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.51

Vendor Advisory: https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

Restart Required: Yes

Instructions:

1. Download libpng 1.6.51 from official sources.
2. Replace existing libpng installation.
3. Recompile applications using libpng.
4. Restart affected services.

🔧 Temporary Workarounds

Disable PNG_FLAG_OPTIMIZE_ALPHA (platform: all)

Disable the vulnerable flag in applications using libpng: modify application code to avoid setting PNG_FLAG_OPTIMIZE_ALPHA when processing palette images.

🧯 If You Can't Patch

  • Implement strict input validation for PNG images
  • Use alternative image processing libraries for PNG handling

🔍 How to Verify

Check if Vulnerable:

Check libpng version with: pngtest --version or check library files for version 1.6.0-1.6.50

Check Version:

pngtest --version 2>/dev/null | grep -o 'libpng [0-9.]*'

Verify Fix Applied:

Verify libpng version is 1.6.51 or higher
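
The version check above, as an added example that is not from the advisory or the libpng project: a shell helper that classifies a libpng version against the range this page gives and scans binaries for an embedded libpng version string, which also finds statically linked or bundled copies. Assumptions: the binary still contains libpng's "libpng version X.Y.Z" text, grep supports -a and -o, and the function names, script name and sample path are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory page or the libpng project.
# Range taken from this page: affected 1.6.0 through 1.6.50, fixed in 1.6.51.

# classify_libpng VERSION
# Prints: affected | fixed | not-listed | unknown
classify_libpng() {
    # Keep the leading X.Y.Z and drop any suffix (e.g. a distro revision).
    v=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9]\{1,\}\)\.\([0-9]\{1,\}\)\.\([0-9]\{1,\}\).*/\1 \2 \3/p')
    [ -n "$v" ] || { echo unknown; return 0; }
    set -- $v                      # $1=major $2=minor $3=patch
    if [ "$1" -eq 1 ] && [ "$2" -eq 6 ]; then
        if [ "$3" -le 50 ]; then echo affected; else echo fixed; fi
    else
        echo not-listed            # branch the page makes no statement about
    fi
}

# scan_file FILE
# Prints "FILE VERSION STATUS" for each distinct libpng version string found
# in FILE. Assumption: the binary still contains libpng's own
# "libpng version X.Y.Z" text (its header/copyright string).
scan_file() {
    LC_ALL=C grep -a -o 'libpng version [0-9][0-9.]*[0-9]' "$1" 2>/dev/null |
    sort -u |
    while read -r _name _word ver; do
        printf '%s %s %s\n' "$1" "$ver" "$(classify_libpng "$ver")"
    done
}

# Usage (hypothetical script name, constructed sample path):
#   sh check_libpng.sh /usr/lib/x86_64-linux-gnu/libpng16.so.16 ./myapp
for f in "$@"; do
    scan_file "$f"
done
```

A file that prints more than one line embeds more than one libpng copy; treat it as vulnerable if any line reads "affected".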

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during PNG processing
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual PNG file uploads to web applications
  • Repeated PNG processing failures

SIEM Query:

source="application.log" AND ("segmentation fault" OR "memory violation" OR "libpng") AND "png"
