From 72d91337724ca3eb17d0c1ff09953cec12e98d63 Mon Sep 17 00:00:00 2001
From: WyattBlue <wyattblue@auto-editor.com>
Date: Tue, 6 Jan 2026 04:19:02 -0500
Subject: [PATCH] libpng 1.6.47 -> 1.6.53

This fixes: CVE-2025-66293 CVE-2025-64505 CVE-2025-64506
CVE-2025-64720 CVE-2025-65018
---
 scripts/build-ffmpeg.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/build-ffmpeg.py b/scripts/build-ffmpeg.py
index 1dbf130b..0b026eb2 100644
--- a/scripts/build-ffmpeg.py
+++ b/scripts/build-ffmpeg.py
@@ -143,8 +143,8 @@ def calculate_sha256(filename: str) -> str:
     ),
     Package(
         name="png",
-        source_url="https://download.sourceforge.net/libpng/libpng-1.6.47.tar.gz",
-        sha256="084115c62fe023e3d88cd78764a4d8e89763985ee4b4a085825f7a00d85eafbb",
+        source_url="https://downloads.sourceforge.net/project/libpng/libpng16/1.6.53/libpng-1.6.53.tar.xz",
+        sha256="1d3fb8ccc2932d04aa3663e22ef5ef490244370f4e568d7850165068778d98d4",
         # avoid an assembler error on Windows
         build_arguments=["PNG_COPTS=-fno-asynchronous-unwind-tables"],
     ),