References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

http://www.openwall.com/lists/oss-security/2025/12/03/8

http://www.openwall.com/lists/oss-security/2025/12/03/7

http://www.openwall.com/lists/oss-security/2025/12/03/6

https://github.com/pnggroup/libpng/issues/764

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CWE-125

https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1

https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a

https://github.com/pnggroup/libpng/issues/764

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f