CNNVD-202512-331 Information
CNNVD ID
CNNVD-202512-331
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
libpng是The PNG Development Group开源的一个可对PNG图形文件实现创建、读写等操作的PNG参考库。 libpng 1.6.52之前版本存在安全漏洞,该漏洞源于简化API存在越界读取,可能导致读取超出数组边界的数据。
Description (English)
Libpng is a PNG reference library for the creation, reading and writing of PNG graphics files from the Open Source of The PNG Development Group. There was a security loophole in the previous version of libpng 1.6.52, which resulted from the simplification of the API ’ s cross-border access, which could lead to the reading of data beyond the array boundaries.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
The PNG Development Group
Published
2025-12-03
Last Modified
2026-02-24
References
https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f http://www.openwall.com/lists/oss-security/2025/12/03/6 https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 https://github.com/pnggroup/libpng/issues/764 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66293 https://access.redhat.com/security/cve/cve-2025-66293
Patch
https://libpng.sourceforge.io/
Share on: