AZL-70883 CVE-2025-64720 affecting package optipng 0.7.8-5

🗓️ 25 Nov 2025 00:15:47Reported by GoogleType

osv

osv🔗 osv.dev

Optipng 0.7.8-5 is affected by CVE-2025-64720 due to a LIBPNG out-of-bounds read in palette.

Reporter	Title	Published	Views	Family All 370
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in DataStage on Cloud Pak for Data	25 Feb 202616:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image	3 Mar 202613:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2026.	27 Mar 202609:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	28 Jan 202615:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow (traditional and containers) March 2026	27 Mar 202608:58	–	ibm
IBM Security Bulletins	Security Bulletin:Vulnerabilities in LIBPNG affects IBM Netezza Appliance	15 Apr 202611:16	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libpng affects IBM Netezza Appliance	22 Apr 202612:14	–	ibm
GithubExploit	Exploit for CVE-2025-64720	25 Nov 202510:19	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Read in Libpng	22 Jan 202611:35	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Read in Libpng	14 Dec 202518:41	–	githubexploit

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-64720

21 Apr 2026 04:36Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.17.1

EPSS0.00079

SSVC

optipng version 0.7.8-5 libpng vulnerability out of bounds png library