Libpng 1.6.51: Four buffer overflow vulnerabilities fixed
14 hours ago
- libpng 1.6.51 released to fix four buffer overflow vulnerabilities.
- Two high-severity (CVE-2025-64720, CVE-2025-65018) and two moderate-severity (CVE-2025-64505, CVE-2025-64506) vulnerabilities addressed.
- Vulnerabilities include heap buffer over-reads and out-of-bounds reads.
- All require processing a malicious PNG file, leading to information disclosure, denial of service, or arbitrary code execution.
- GitHub Security Advisories and specific commit fixes provided for each CVE.
- Users urged to upgrade to libpng 1.6.51 immediately.