AI description
CVE-2025-65018 is a heap buffer overflow vulnerability found in libpng version 1.6.0 through 1.6.50. It is triggered within the `png_combine_row` function, specifically when processing 16-bit interlaced PNG images with an 8-bit output format via `png_image_finish_read`. This vulnerability requires user interaction, as it is triggered by processing a malicious PNG file. Successful exploitation could lead to information disclosure and/or a denial of service. In certain heap configurations, it may also enable arbitrary code execution due to heap corruption.
- Description
- LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- libpng
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-122
- Hype score
- Not currently trending
CVE-2025-65018 (CVSS:7.1, HIGH) is Analyzed. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) ..https://t.co/5FH0eDSFCl #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
30 Nov 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[PS5] Une Poc du CVE-2025-65018 confirmée fonctionnelle sur PS5 https://t.co/KZrkPzxTLn https://t.co/QGUukGtcwp
@SwitchTools
26 Nov 2025
2139 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Poc for CVE-2025-65018 Heap-buffer-overflow-in-libpng-ps4-ps5 https://t.co/fIwhMQOmkM
@master_s9
25 Nov 2025
22370 Impressions
10 Retweets
179 Likes
26 Bookmarks
10 Replies
4 Quotes
CVE-2025-65018 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to befo… https://t.co/blKWgYwtAj
@CVEnew
25 Nov 2025
201 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #libpng: disponibili #PoC per lo sfruttamento delle CVE-2025-64720 e CVE-2025-65018 Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔸 Information Disclosure 🔸 Denial of Service 🔗 https://t.co/JEQOigSmUN ⚠ Importante mantenere aggi… https://t.
@Vulcanux_
24 Nov 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼ #libpng: disponibili #PoC per lo sfruttamento delle CVE-2025-64720 e CVE-2025-65018 Rischio: 🔴 Tipologia: 🔸 Arbitrary Code Execution 🔸 Information Disclosure 🔸 Denial of Service 🔗 https://t.co/kdAjebWMmD ⚠ Importante mantenere aggiornati i sistemi https:/
@csirt_it
24 Nov 2025
641 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
new bug in libpng could affect PS4, heap buffer overflow CVE-2025-65018 - Memory Corruption - Arbitrary Code Execution - Denial of Service Affected Software: - Image viewers supporting 16-bit PNG images. - Game engines loading 16-bit PNG textures. https://t.co/dcnBIYKyXr ht
@BrutalSam_
23 Nov 2025
34685 Impressions
12 Retweets
117 Likes
23 Bookmarks
7 Replies
4 Quotes
CVE-2025-65018 libpng 1.6.51 https://t.co/Uu67S2KH2p
@VulmonFeeds
22 Nov 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
libpng 1.6.51: Four buffer overflow vulnerabilities fixed https://t.co/qBuxMJIllC CVE-2025-64505, CVE-2025-64506, CVE-2025-64720: Out-of-bounds reads, can result in information disclosure, denial of service CVE-2025-65018: Heap buffer overflow, may enable arbitrary code execution
@oss_security
22 Nov 2025
7010 Impressions
8 Retweets
53 Likes
21 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3545FEA5-4FFA-4955-BFDA-CC3602C9A894",
"versionEndExcluding": "1.6.51",
"versionStartIncluding": "1.6.0"
}
],
"operator": "OR"
}
]
}
]