libpng 1.6.01.6.50 Heap Buffer Overflow in png_image_finish_read
CVE-2025-65018 Published on November 24, 2025

LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

NVD

Vulnerability Analysis

CVE-2025-65018 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2025-65018. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Types

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2025-65018 has been classified to as a Memory Corruption vulnerability or weakness.

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


Products Associated with CVE-2025-65018

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-65018 are published in these products:

Libpng
 
Canonical Ubuntu Linux
 
Oracle
 

Affected Versions

pnggroup libpng Version >= 1.6.0, < 1.6.51 is affected by CVE-2025-65018

Exploit Probability

EPSS
0.07%
Percentile
20.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.