Key Information

CVE: CVE-2025-65018
Severity: High (7.1/10)
Package: libpng

Summary

Heap buffer overflow in the libpng simplified API function when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.

Vulnerability Mechanism

1. PNG IHDR declares 16-bit color depth with interlacing.
2. Application requests 8-bit output in RGBA format.
3. Application allocates PNG_IMAGE_SIZE(image) bytes (sized for 8-bit output).
4. writes using 16-bit IHDR depth before transformation.
5. Buffer overflow occurs because the function writes 16-bit data to an 8-bit sized buffer.

Fix

Applied in two commits:

- Initial: Rejects all 16-to-8 bit transformations via validation; too restrictive.
- Final: Removes validation for interlaced images only; maintains full API compatibility.

Mitigation

- Immediate: Use the provided workaround before upgrading to libpng 1.6.51+.
- Upgrade to libpng 1.6.51+, where 16-to-8 bit transformations are fully supported and safe.
- Distribution Maintainers: Apply to all supported versions. Notify downstream packages.
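The IHDR condition in steps 1 to 5 of the mechanism can be detected from the first 29 bytes of a file, before any decoder is called. The following is an added example, not libpng code and not the advisory's workaround; all function and enum names are hypothetical, and it assumes an application on a pre-1.6.51 libpng wants to flag 16-bit interlaced inputs ahead of an 8-bit simplified-API read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; none of this is libpng API. */
enum ihdr_verdict { IHDR_INVALID = -1, IHDR_OK = 0, IHDR_16BIT_INTERLACED = 1 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Needs the first 29 bytes: signature (8), IHDR length + type (8), 13 data bytes. */
enum ihdr_verdict classify_png_header(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    if (buf == NULL || len < 29 || memcmp(buf, sig, 8) != 0)
        return IHDR_INVALID;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0)
        return IHDR_INVALID;               /* IHDR must be the first chunk */
    /* buf[24] = bit depth, buf[28] = interlace method (1 = Adam7) */
    return (buf[24] == 16 && buf[28] == 1) ? IHDR_16BIT_INTERLACED : IHDR_OK;
}

/* Bytes in one RGBA row at a given sample depth: 4 channels * bits / 8. */
uint64_t rgba_row_bytes(uint32_t width, unsigned bits) {
    return (uint64_t)width * 4u * (bits / 8u);
}

/* Constructed sample input: signature + IHDR fields only (CRC is not checked). */
enum ihdr_verdict classify_sample(uint8_t depth, uint8_t interlace, size_t len) {
    uint8_t h[29] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,
                     0, 0, 0, 13, 'I', 'H', 'D', 'R',
                     0, 0, 0, 64, 0, 0, 0, 64,   /* width 64, height 64 */
                     0, 6, 0, 0, 0};             /* depth, colour type 6 (RGBA), ... */
    h[24] = depth;
    h[28] = interlace;
    return classify_png_header(h, len);
}

int main(void) {
    printf("16-bit interlaced: %d\n", classify_sample(16, 1, 29));
    printf("8-bit interlaced:  %d\n", classify_sample(8, 1, 29));
    printf("row bytes, 64 px: 8-bit=%llu 16-bit=%llu\n",
           (unsigned long long)rgba_row_bytes(64, 8),
           (unsigned long long)rgba_row_bytes(64, 16));
    return 0;
}
```

The row-size helper shows the gap behind step 5: a row written at the IHDR's 16-bit depth is twice the size of the 8-bit row the output buffer was sized for.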