Fluid Attacks Database

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libpng1.6	=1.6.39-2 \|\| >=0 <1.6.39-2+deb12u1	1.6.39-2+deb12u1
alpine v3.23	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.37-r0 \|\| =1.6.37-r1 \|\| =1.6.37-r2 \|\| =1.6.38-r0 \|\| =1.6.39-r0 \|\| =1.6.39-r1 \|\| =1.6.39-r2 \|\| =1.6.39-r3 \|\| =1.6.39-r4 \|\| =1.6.40-r0 \|\| =1.6.41-r0 \|\| =1.6.42-r0 \|\| =1.6.43-r0 \|\| =1.6.44-r0 \|\| =1.6.45-r0 \|\| =1.6.46-r0 \|\| =1.6.47-r0 \|\| =1.6.49-r0 \|\| =1.6.5-r0 \|\| =1.6.51-r0 \|\| =1.6.51-r1 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.53-r0	1.6.53-r0
alpine v3.20	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.37-r0 \|\| =1.6.37-r1 \|\| =1.6.37-r2 \|\| =1.6.38-r0 \|\| =1.6.39-r0 \|\| =1.6.39-r1 \|\| =1.6.39-r2 \|\| =1.6.39-r3 \|\| =1.6.39-r4 \|\| =1.6.40-r0 \|\| =1.6.41-r0 \|\| =1.6.42-r0 \|\| =1.6.43-r0 \|\| =1.6.44-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.53-r0	1.6.53-r0
alpine v3.21	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.37-r0 \|\| =1.6.37-r1 \|\| =1.6.37-r2 \|\| =1.6.38-r0 \|\| =1.6.39-r0 \|\| =1.6.39-r1 \|\| =1.6.39-r2 \|\| =1.6.39-r3 \|\| =1.6.39-r4 \|\| =1.6.40-r0 \|\| =1.6.41-r0 \|\| =1.6.42-r0 \|\| =1.6.43-r0 \|\| =1.6.44-r0 \|\| =1.6.47-r0 \|\| =1.6.5-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.53-r0	1.6.53-r0
alpine v3.22	libpng	=1.2.34-r0 \|\| =1.2.35-r0 \|\| =1.2.36-r0 \|\| =1.2.37-r0 \|\| =1.2.38-r0 \|\| =1.2.39-r0 \|\| =1.2.40-r0 \|\| =1.4.0-r0 \|\| =1.4.1-r0 \|\| =1.4.1-r1 \|\| =1.4.2-r0 \|\| =1.4.3-r0 \|\| =1.4.4-r0 \|\| =1.4.5-r0 \|\| =1.4.5-r1 \|\| =1.5.10-r0 \|\| =1.5.11-r0 \|\| =1.5.12-r0 \|\| =1.5.13-r0 \|\| =1.5.14-r0 \|\| =1.5.15-r0 \|\| =1.5.16-r0 \|\| =1.5.17-r0 \|\| =1.5.2-r0 \|\| =1.5.2-r1 \|\| =1.5.2-r2 \|\| =1.5.4-r0 \|\| =1.5.5-r0 \|\| =1.5.5-r1 \|\| =1.5.8-r0 \|\| =1.5.9-r0 \|\| =1.6.10-r0 \|\| =1.6.12-r0 \|\| =1.6.13-r0 \|\| =1.6.14-r0 \|\| =1.6.15-r0 \|\| =1.6.16-r0 \|\| =1.6.17-r0 \|\| =1.6.18-r0 \|\| =1.6.19-r0 \|\| =1.6.20-r0 \|\| =1.6.21-r0 \|\| =1.6.22-r0 \|\| =1.6.23-r0 \|\| =1.6.23-r1 \|\| =1.6.23-r2 \|\| =1.6.24-r0 \|\| =1.6.25-r0 \|\| =1.6.26-r0 \|\| =1.6.27-r0 \|\| =1.6.27-r1 \|\| =1.6.28-r0 \|\| =1.6.29-r0 \|\| =1.6.29-r1 \|\| =1.6.3-r0 \|\| =1.6.30-r0 \|\| =1.6.31-r0 \|\| =1.6.32-r0 \|\| =1.6.34-r0 \|\| =1.6.34-r1 \|\| =1.6.35-r0 \|\| =1.6.37-r0 \|\| =1.6.37-r1 \|\| =1.6.37-r2 \|\| =1.6.38-r0 \|\| =1.6.39-r0 \|\| =1.6.39-r1 \|\| =1.6.39-r2 \|\| =1.6.39-r3 \|\| =1.6.39-r4 \|\| =1.6.40-r0 \|\| =1.6.41-r0 \|\| =1.6.42-r0 \|\| =1.6.43-r0 \|\| =1.6.44-r0 \|\| =1.6.45-r0 \|\| =1.6.46-r0 \|\| =1.6.47-r0 \|\| =1.6.5-r0 \|\| =1.6.51-r0 \|\| =1.6.6-r0 \|\| =1.6.7-r0 \|\| =1.6.8-r0 \|\| =1.6.9-r0 \|\| >=0 <1.6.53-r0	1.6.53-r0
debian 14	libpng1.6	=1.6.48-1 \|\| =1.6.49-1~exp1 \|\| =1.6.50-1 \|\| =1.6.50-1~exp1 \|\| =1.6.51-1 \|\| >=0 <1.6.52-1	1.6.52-1
debian 13	libpng1.6	=1.6.48-1 \|\| >=0 <1.6.48-1+deb13u1	1.6.48-1+deb13u1
debian 11	libpng1.6	=1.6.37-3 \|\| >=0 <1.6.37-3+deb11u1	1.6.37-3+deb11u1
rpm rhel9	java-17-openjdk	<1:17.0.19.0.10-2.el9	1:17.0.19.0.10-2.el9
rpm rhel10	libpng	<2:1.6.40-8.el10_1.1	2:1.6.40-8.el10_1.1

1-10 of 28

Aliases

1. CVE-2025-662932. NVD-2025-662933. OSV-DEBIAN-2025-662934. OSV-2025-662935. OSV-ALPINE-2025-662936. SECURITY-TRACKER-CVE-2025-662937. SECURITY-CVE-2025-66293

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.