Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 25.10: libpng Denial of Service Vulnerability USN-7924-1

ubuntu
Calendar Grey December 11, 2025
Dist Ubuntu Esm H88
Several security issues fixed in libpng for Ubuntu across multiple versions, addressing potential crashes and DoS.
Several security issues were fixed in libpng.

Summary

Several security issues were fixed in libpng.

Software Description:

- libpng1.6: PNG (Portable Network Graphics) file library

Details:

It was discovered that libpng incorrectly handled memory when processing

certain PNG files, which could result in an out-of-bounds memory access.

If a user or automated system were tricked into opening a specially

crafted PNG file, an attacker could use this issue to cause libpng to

crash, resulting in a denial of service. (CVE-2025-64505)

It was discovered that libpng incorrectly handled memory when processing

8-bit images through the simplified write API with 'convert_to_8bit'

enabled, which could result in an out-of-bounds memory access. If a user

or automated system were tricked into opening a specially crafted 8-bit

PNG file, an attacker could use this issue to cause libpng to crash,

resulting in a denial of service. (CVE-2025-64506)

It was discovered that libpng incorrectly handled memory when processing

palette images with 'PNG_FLAG_OPTI...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu libpng update instructions memory access

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libpng16-16t64                  1.6.50-1ubuntu0.1

Ubuntu 25.04
  libpng16-16t64                  1.6.47-1.1ubuntu0.1

Ubuntu 24.04 LTS
  libpng16-16t64                  1.6.43-5ubuntu0.1

Ubuntu 22.04 LTS
  libpng16-16                     1.6.37-3ubuntu0.1

Ubuntu 20.04 LTS
  libpng16-16                     1.6.37-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libpng16-16                     1.6.34-1ubuntu0.18.04.2+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libpng16-16                     1.6.20-2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7924-1

CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7924-1

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu libpng update instructions memory access

Package Information

https://launchpad.net/ubuntu/+source/libpng1.6/1.6.50-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.47-1.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.43-5ubuntu0.1
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.37-3ubuntu0.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here