CVE-2025-64720 | libpng up to 1.6.50 png_image_read_composite out-of-bounds

November 22, 2025 Yanac

A vulnerability labeled as problematic has been found in libpng up to 1.6.50. This affects the function png_image_read_composite. Such manipulation leads to out-of-bounds read.

This vulnerability is listed as CVE-2025-64720. The attack may be performed from remote. There is no available exploit.

The affected component should be upgraded.VulDB Recent EntriesRead More