CVE-2026-25646 — Heap-based Buffer Overflow in Libpng
Severity
NVD: 8.3 (HIGH)
OSV: 7.1 / 6.1
EPSS
0.1%
top 76.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 10
Latest update: Mar 11
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal…
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
Affected Packages: 3 packages
Patches
Vulnerability Details
OSV (4)
CVE-2026-25646: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files (2026-02-10)
Vendor Advisories
Debian (5)
CVE-2026-25646: libpng1.6 - LIBPNG is a reference library for use in applications that read, create, and man... (2026)
Threat Intelligence
Community (1)
Bugzilla (5)
CVE-2026-25646 libpng15: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43] (2026-02-10)
CVE-2026-25646 libpng15: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42] (2026-02-10)
CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42] (2026-02-10)
CVE-2026-25646 libpng12: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43] (2026-02-10)