CVE-2026-33636 — Out-of-bounds Read in Libpng

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write CWE-124 — Buffer Underflow18 documents9 sources

Severity

7.6HIGHNVD

EPSS

0.0%

top 90.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libpng Pnggroup Libpng

Timeline

PublishedMar 26

Latest updateApr 6

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the fina…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:HExploitability: 2.8 | Impact: 4.7

Affected Packages2 packages

▶NVDlibpng/libpng1.6.36 — 1.6.56

▶CVEListV5pnggroup/libpng>= 1.6.36, < 1.6.56

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2026-33636: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files↗2026-03-26

▶

CVEList

LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64↗2026-03-26

▶

📋Vendor Advisories

Red Hat

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion↗2026-03-26

▶

Microsoft

LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64↗2026-03-10

▶

Debian

CVE-2026-33636: libpng1.6 - LIBPNG is a reference library for use in applications that read, create, and man...↗2026

▶

🕵️Threat Intelligence

Hackernews

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More↗2026-04-06

▶

Wiz

CVE-2026-23865 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-3713 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-34757 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

ELSA-2026-0932 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-33636 mingw-libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-43]↗2026-03-27

▶

Bugzilla

CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-42]↗2026-03-27

▶

Bugzilla

CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-43]↗2026-03-27

▶

Bugzilla

CVE-2026-33636 mingw-libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-42]↗2026-03-27

▶

Bugzilla

Update libpng to new version v1.6.56 from 2026-03-25 22:47:06 (includes fixes for CVE-2026-33416, CVE-2026-33636)↗2026-03-26

▶