Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 596
Alerts This Week
Warning Icon 1 596

Fedora 43: libpng High CVE-2025-66293 Out-of-Bounds Read Advisory

fedora
Calendar Grey December 14, 2025
Dist Fedora Esm H88
Fedora 43 libpng update addresses high-severity out-of-bounds read flaw and enhances RISC-V performance.
Fixed CVE-2025-66293 (high severity): Out-of-bounds read in png_image_read_composite

Summary

The libpng package contains a library of functions for creating and

manipulating PNG (Portable Network Graphics) image format files. PNG

is a bit-mapped graphics format similar to the GIF format. PNG was

created to replace the GIF format, since GIF uses a patented data

compression algorithm.

Libpng should be installed if you need to manipulate PNG format image

files.

Update Information:

Fixed CVE-2025-66293 (high severity): Out-of-bounds read in png_image_read_composite. Fixed the Paeth filter handling in the RISC-V RVV implementation. Improved the performance of the RISC-V RVV implementation.

Change Log

* Mon Dec 8 2025 Michal Hlavinka - 2:1.6.53-1 - updated to 1.6.53 (#2418775) * Mon Dec 8 2025 Michal Hlavinka - 2:1.6.52-1 - updated to 1.6.52 (#2418775)

References


[ 1 ] Bug #2418747 - CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2418747

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7f360be18f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libpng
Product: Fedora 43
Version: 1.6.53
Release: 1.fc43
Summary: A library of functions for manipulating PNG image format files

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.