Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-65018 PoC — LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`

Source
https://github.com/Neo-Neo6/CVE-2025-65018-Heap-buffer-overflow-in-libpng-ps4-ps5-
Associated Vulnerability
Title:LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (CVE-2025-65018)
Description:LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
Readme
# Poc for CVE-2025-65018-Heap-buffer-overflow-in-libpng-ps4-ps5-
# Usage:
1-press share button and make screenshot 

2-with ftp go to path:/user/av_contents/photo/NPXS20001/NPXS20001/XXX/ you will find screenshot that you make. 

3-copy it to pc and run it with make_png.py it will output poc.png 

4-rename it to name of the screenshot then replace it with ftp on same path 

5-try to open it from gallery it will give error
File Snapshot

 [4.0K]  /data/pocs/853e69694610c415f14d60172b36308b3fe889fb
├── [ 11K]  LICENSE
├── [2.2K]  make_png.py
└── [ 426]  README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →