This vulnerability allows a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with an 8-bit output format and a non-minimal row stride. It affects versions 1.6.51 through 1.6.53 and was introduced as a regression by the fix for CVE-2025-65018. The vulnerability is addressed in version 1.6.54.
With a CVSS score of 6.1, this vulnerability is rated medium severity. Organizations should be aware of it in any application that reads, creates, or manipulates PNG files.
The risk to organizations includes potential data leakage or application instability when handling attacker-supplied PNG files. Although no exploits are currently known, organizations should prioritize patching immediately.
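As an added example (not part of this advisory, and not libpng code), the following Python script shows the file-side triage a defender can run while the 1.6.54 upgrade is rolled out: it parses the PNG signature and IHDR chunk, verifies the chunk CRC, and flags images that are both interlaced and 16-bit, the input profile named above. The remaining trigger conditions (8-bit output format, non-minimal row stride, and the affected libpng version) are properties of the consuming application, not of the file, so this check only narrows the set of files that could reach the vulnerable path. The sample PNG headers are constructed inline; the function and field names are this example's own.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def build_png_header(width, height, bit_depth, color_type, interlace):
    """Construct a PNG signature followed by a valid IHDR chunk.

    This is a test fixture built for the example; it is not a complete image.
    """
    ihdr_data = struct.pack(">IIBBBBB", width, height, bit_depth, color_type,
                            0, 0, interlace)  # compression=0, filter=0
    crc = zlib.crc32(b"IHDR" + ihdr_data) & 0xFFFFFFFF
    return (PNG_SIGNATURE + struct.pack(">I", len(ihdr_data)) + b"IHDR"
            + ihdr_data + struct.pack(">I", crc))


def parse_ihdr(data):
    """Parse the signature and IHDR chunk; raise ValueError on malformed input."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    if len(data) < 8 + 8 + 13 + 4:
        raise ValueError("truncated IHDR chunk")
    length, chunk_type = struct.unpack(">I4s", data[8:16])
    if chunk_type != b"IHDR" or length != 13:
        raise ValueError("first chunk must be a 13-byte IHDR")
    body = data[16:29]
    (stored_crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(chunk_type + body) & 0xFFFFFFFF != stored_crc:
        raise ValueError("IHDR CRC mismatch")
    width, height, bit_depth, color_type, compression, filt, interlace = \
        struct.unpack(">IIBBBBB", body)
    if bit_depth not in (1, 2, 4, 8, 16):
        raise ValueError("invalid bit depth %d" % bit_depth)
    if interlace not in (0, 1):
        raise ValueError("invalid interlace method %d" % interlace)
    return {
        "width": width, "height": height, "bit_depth": bit_depth,
        "color_type": color_type, "interlace": interlace,
    }


def matches_over_read_profile(info):
    """Interlaced 16-bit images match the input profile from the advisory."""
    return info["interlace"] == 1 and info["bit_depth"] == 16


def triage(data):
    """Return (decision, reason) for one PNG byte string."""
    try:
        info = parse_ihdr(data)
    except ValueError as exc:
        return ("reject", str(exc))
    if matches_over_read_profile(info):
        return ("quarantine",
                "interlaced 16-bit PNG; hold until libpng >= 1.6.54 is deployed")
    return ("allow", "")


if __name__ == "__main__":
    # Constructed samples: one matching the profile, one not, one non-PNG.
    samples = {
        "interlaced_16bit.png": build_png_header(4, 4, 16, 2, 1),
        "interlaced_8bit.png": build_png_header(4, 4, 8, 6, 1),
        "not_a_png.bin": b"GIF89a" + b"\x00" * 40,
    }
    for name, blob in samples.items():
        print(name, triage(blob))
```

In a gateway or ingestion pipeline the quarantine decision would route the file to a host already running the patched library; once every consumer is on 1.6.54 the check can be retired.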
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.