Fedora 43: libpng High CVE-2025-66293 Out-of-Bounds Read Advisory

December 14, 2025
Fedora 43 libpng update addresses high-severity out-of-bounds read flaw and enhances RISC-V performance.
Fixed CVE-2025-66293 (high severity): Out-of-bounds read in png_image_read_composite

Summary

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.

Libpng should be installed if you need to manipulate PNG format image files.

Update Information:

Fixed CVE-2025-66293 (high severity): Out-of-bounds read in png_image_read_composite. Fixed the Paeth filter handling in the RISC-V RVV implementation. Improved the performance of the RISC-V RVV implementation.

Change Log

* Mon Dec 8 2025 Michal Hlavinka - 2:1.6.53-1
- updated to 1.6.53 (#2418775)
* Mon Dec 8 2025 Michal Hlavinka - 2:1.6.52-1
- updated to 1.6.52 (#2418775)

References


[ 1 ] Bug #2418747 - CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2418747

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7f360be18f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: critical

Name: libpng
Product: Fedora 43
Version: 1.6.53
Release: 1.fc43
Summary: A library of functions for manipulating PNG image format files
