CVE-2025-65018 | libpng up to 1.6.50 png_combine_row heap-based overflow

November 22, 2025 Yanac

A vulnerability marked as critical has been reported in libpng up to 1.6.50. This impacts the function png_combine_row. Performing manipulation results in heap-based buffer overflow.

This vulnerability is cataloged as CVE-2025-65018. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
CVE-2025-64720 | libpng up to 1.6.50 png_image_read_composite out-of-bounds