Source code
Revision control
Copy as Markdown
Other Tools
libpng 1.6.51 - November 21, 2025
=================================
This is a public release of libpng, intended for use in production code.
Files available for download
----------------------------
Source files with LF line endings (for Unix/Linux):
* libpng-1.6.51.tar.xz (LZMA-compressed, recommended)
* libpng-1.6.51.tar.gz (deflate-compressed)
Source files with CRLF line endings (for Windows):
* lpng1651.7z (LZMA-compressed, recommended)
* lpng1651.zip (deflate-compressed)
Other information:
* README.md
* LICENSE.md
* AUTHORS.md
* TRADEMARK.md
Changes from version 1.6.50 to version 1.6.51
---------------------------------------------
* Fixed CVE-2025-64505 (moderate severity):
Heap buffer overflow in `png_do_quantize` via malformed palette index.
(Reported by Samsung; analyzed by Fabio Gritti.)
* Fixed CVE-2025-64506 (moderate severity):
Heap buffer over-read in `png_write_image_8bit` with 8-bit input and
`convert_to_8bit` enabled.
(Reported by Samsung and <weijinjinnihao@users.noreply.github.com>;
analyzed by Fabio Gritti.)
* Fixed CVE-2025-64720 (high severity):
Buffer overflow in `png_image_read_composite` via incorrect palette
premultiplication.
(Reported by Samsung; analyzed by John Bowler.)
* Fixed CVE-2025-65018 (high severity):
Heap buffer overflow in `png_combine_row` triggered via
`png_image_finish_read`.
(Reported by <yosiimich@users.noreply.github.com>.)
* Fixed a memory leak in `png_set_quantize`.
(Reported by Samsung; analyzed by Fabio Gritti.)
* Removed the experimental and incomplete ERROR_NUMBERS code.
(Contributed by Tobias Stoeckmann.)
* Improved the RISC-V vector extension support; required RVV 1.0 or newer.
(Contributed by Filip Wasil.)
* Added GitHub Actions workflows for automated testing.
* Performed various refactorings and cleanups.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
Subscription is required; visit
to subscribe.