A Hidden Flaw in the Code Behind Billions of Images Could Let Attackers Crash—or Hijack—Your Apps

The library trusted by billions of applications to safely open a PNG image has been quietly harboring a memory corruption flaw for nearly a decade — and a single crafted image file is all it takes to trigger it.

What's happening

Researchers have disclosed CVE-2025-64720, a high-severity vulnerability in libpng, the foundational open-source library that virtually every piece of software on earth uses to read, write, and display PNG image files. We're talking about browsers, mobile apps, medical imaging software, game engines, document editors, and countless embedded systems — if it shows you a PNG, there's a reasonable chance libpng is doing the heavy lifting underneath. The flaw has existed in every version from 1.6.0 through 1.6.50, a window spanning roughly 2015 to 2025. A fix landed quietly in version 1.6.51.

The real-world stakes are significant. PNG is the most widely used lossless image format on the internet. Estimates put libpng's deployment footprint in the hundreds of millions of systems globally, embedded in software stacks from Android and iOS to Linux servers and Windows desktop applications. An attacker who can get a vulnerable application to open a specially crafted PNG file — through an email attachment, a webpage, a chat message, or an uploaded profile photo — can potentially trigger the bug and cause the application to crash or, in a worst case, expose sensitive data sitting in adjacent memory.

How the attack works

Imagine you hand someone a deceptively labeled box and tell them its contents weigh ten pounds. They build a shelf rated for exactly ten pounds, but the box actually contains fifteen. The shelf collapses and takes everything around it down too. That's roughly what's happening here. A malicious PNG file can be crafted using a specific combination of features — a palette-based color scheme and a particular transparency optimization setting — that causes libpng to read memory it was never supposed to touch. The library trusts the numbers it calculates internally, builds its processing around them, and then quietly wanders outside the boundaries of safe memory when those numbers are secretly wrong.

The damage from that out-of-bounds read can range from an immediate application crash — frustrating but recoverable — to leaking raw bytes from the application's memory to a watchful attacker. In security-sensitive contexts, that leaked memory could contain session tokens, cryptographic keys, cached credentials, or fragments of other users' data. For any application that processes user-supplied images, this attack surface is wide open and surprisingly easy to reach.

The technical reality

For researchers and engineers: the root cause lives in png_image_read_composite(), triggered when palette images are processed with PNG_FLAG_OPTIMIZE_ALPHA enabled. The compositing logic in png_init_read_transformations() incorrectly applies background compositing before premultiplication rather than after, violating the invariant component ≤ alpha × 257 that the simplified PNG API enforces as a hard contract. The result is an out-of-bounds read with a CVSS score of 7.1 (HIGH). The exact exploitability for memory disclosure versus code execution depends heavily on the surrounding application's memory layout and error-handling behavior, but the primitive is real and reproducible.

Who is at risk

Any application statically or dynamically linking libpng versions 1.6.0 through 1.6.50 and processing untrusted PNG input is potentially affected. This includes web applications with image upload functionality, desktop image viewers, mobile apps, content management platforms, and any backend pipeline that ingests user-submitted graphics. Linux distributions shipping older libpng packages are particularly exposed until they roll out updated packages. Embedded and IoT devices that ship with baked-in libpng versions and receive infrequent updates represent a long-tail risk that may persist for years. No active exploitation has been confirmed in the wild at time of publication, but the low barrier to triggering the bug makes that window narrow.

What you should do right now

1. Update libpng to version 1.6.51 immediately. If you're on Linux, run your package manager now (apt upgrade libpng16-16 or equivalent). macOS users should update via Homebrew (brew upgrade libpng). Confirm your version with libpng-config --version.

2. Audit your software dependencies. If you ship applications that bundle libpng statically, check your build manifests and recompile against 1.6.51. Search your dependency trees for any package that wraps libpng, including image processing libraries like Pillow, ImageMagick, and platform SDKs.

3. Restrict untrusted image input as a stopgap. If patching is temporarily impossible, consider sanitizing or re-encoding user-supplied PNG files through a patched intermediary service before they reach vulnerable processing pipelines. This limits exposure while a full patch cycle completes.