Beyond security

Language

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2025-66293

High

Low Medium High Critical

7.1

CVSS Score

Published: Dec 03, 2025

Last Modified: Dec 16, 2025

Vulnerability Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Attack Vector

N

Attack Complexity

L

Privileges Required

N

User Interaction

R

Scope

U

Confidentiality

L

Integrity

N

Availability

H

Available Security Patches

2 patches available from vendors

View All Patches

Canonical (Ubuntu)

USN-7963-1

USN-7963-1: libpng vulnerabilities

Severity

Unknown

Released

Jan 14, 2026

Security Update

View Details Vendor Page

SUSE

CVE-2025-66293

CVE-2025-66293

Severity

Unknown

Released

Dec 23, 2025

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

7.1

out of 10.0

High

Key Information

Published Date: December 03, 2025

External Resources

NIST

National Vulnerability Database

Detailed vulnerability info

Official CVE record