ALPINE-CVE-2025-65018

Source
https://security.alpinelinux.org/vuln/CVE-2025-65018
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-65018.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2025-65018
Upstream
Published
2025-11-25T00:15:47.610Z
Modified
2026-07-08T04:30:11.929041516Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

References

Affected packages

Alpine:v3.20 / libpng

Package

Name
libpng
Purl
pkg:apk/alpine/libpng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.0
Fixed
1.6.53-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-65018.json"

Alpine:v3.21 / libpng

Package

Name
libpng
Purl
pkg:apk/alpine/libpng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.0
Fixed
1.6.53-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-65018.json"

Alpine:v3.22 / libpng

Package

Name
libpng
Purl
pkg:apk/alpine/libpng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.0
Fixed
1.6.51-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-65018.json"

Alpine:v3.23 / libpng

Package

Name
libpng
Purl
pkg:apk/alpine/libpng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.0
Fixed
1.6.51-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-65018.json"

Alpine:v3.24 / libpng

Package

Name
libpng
Purl
pkg:apk/alpine/libpng?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.6.0
Fixed
1.6.51-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-65018.json"