CVE-2025-66293 is an out-of-bounds read vulnerability in libpng 1.6.0 through 1.6.51 that may lead to information disclosure (or denial of service). Due to a bug, processing a PNG image may lead to a read of 1012 bytes past the end of an array. Depending on the contents of the memory beyond this array, some confidential information may be leaked.
Triggering the issue requires the image to be processed through the simplified API with an output format without alpha and no explicit background color. This means that not every application processing PNG images is leaking information. A further limiting factor is that the affected system would need to return the decoded image data for the information leak to happen in the first place. Finally, the information would need to cross a security context (for example from server to client, from a privileged process to an unprivileged one, or from one user to another) for the leak to have a security impact.
Interestingly, the images resulting in the leak are in fact fully PNG spec compliant.
libpng 1.6.0 through 1.6.51 are affected. The vulnerability is fixed in libpng 1.6.52.
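The version range and trigger conditions above can be turned into a triage check for a code base. The following is an added example, not code from libpng or from the advisory: `assess_call_site` and `parse_libpng_version` are hypothetical helpers, the call sites in `main` are constructed, and each call site is assumed to be a simplified API read.

```c
#include <stdio.h>
#include <stdlib.h>

/* Same value as PNG_FORMAT_FLAG_ALPHA in png.h; redefined so this builds without libpng. */
#define FORMAT_FLAG_ALPHA 0x01U

enum exposure { UNKNOWN_VERSION, NOT_AFFECTED, AFFECTED_NOT_TRIGGERED, TRIGGER_CONDITIONS_MET };

/* Parse "major.minor.release" into libpng's numeric form (1.6.51 -> 10651).
 * Returns -1 for anything else, including pre-release suffixes. */
long parse_libpng_version(const char *s)
{
    long part[3];
    char *end = NULL;
    for (int i = 0; i < 3; i++) {
        if (*s < '0' || *s > '9') return -1;
        part[i] = strtol(s, &end, 10);
        if (part[i] > 99) return -1;
        if (i < 2) {
            if (*end != '.') return -1;
            s = end + 1;
        }
    }
    return *end == '\0' ? part[0] * 10000 + part[1] * 100 + part[2] : -1;
}

/* Hypothetical triage helper for one simplified-API read call site. */
enum exposure assess_call_site(const char *version, unsigned format, int has_background)
{
    long v = parse_libpng_version(version);
    if (v < 0) return UNKNOWN_VERSION;
    if (v < 10600 || v > 10651) return NOT_AFFECTED;   /* range from the advisory */
    /* Conditions from the advisory: no alpha in the output format, no explicit background. */
    if ((format & FORMAT_FLAG_ALPHA) == 0 && !has_background) return TRIGGER_CONDITIONS_MET;
    return AFFECTED_NOT_TRIGGERED;
}

int main(void)
{
    static const char *label[] = { "unknown version", "not affected",
                                   "affected, conditions not met", "trigger conditions met" };
    /* Constructed call sites: 0x02 is PNG_FORMAT_RGB, 0x03 is PNG_FORMAT_RGBA. */
    printf("1.6.51 RGB  no background: %s\n", label[assess_call_site("1.6.51", 0x02U, 0)]);
    printf("1.6.51 RGBA no background: %s\n", label[assess_call_site("1.6.51", 0x03U, 0)]);
    printf("1.6.51 RGB  background:    %s\n", label[assess_call_site("1.6.51", 0x02U, 1)]);
    printf("1.6.52 RGB  no background: %s\n", label[assess_call_site("1.6.52", 0x02U, 0)]);
    return 0;
}
```

A call site that meets the trigger conditions still only has security impact if the decoded image data is returned across a security context, as described above.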
source: https://www.openwall.com/lists/oss-security/2025/12/03/5