LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification, the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
Published: 2025-12-03
CVSS: 7.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Download Exploit for CVE-2025-66293 here:
Use Tor Browser to access .onion links.
Check our team here:
