Debian Libpng1.6 vulnerabilities

28 known vulnerabilities affecting debian/libpng1.6.

Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 11, MEDIUM 9, LOW 7

Vulnerabilities

Page 1 of 2
CVE-2026-33636 (HIGH, CVSS 7.6, 2026): fixed in libpng1.6 1.6.39-2+deb12u4 (bookworm)
[HIGH] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partia
CVE-2026-33416 (HIGH, CVSS 7.5, 2026): fixed in libpng1.6 1.6.39-2+deb12u4 (bookworm)
[HIGH] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_
CVE-2026-25646 (HIGH, CVSS 8.3, 2026): fixed in libpng1.6 1.6.39-2+deb12u3 (bookworm)
[HIGH] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported
CVE-2026-22695 (HIGH, CVSS 7.1, 2026): fixed in libpng1.6 1.6.39-2+deb12u2 (bookworm)
[HIGH] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regressi
CVE-2026-34757 (MEDIUM, CVSS 5.1, 2026)
[MEDIUM] libpng1.6. Status: bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2026-22801 (MEDIUM, CVSS 6.8, 2026): fixed in libpng1.6 1.6.39-2+deb12u2 (bookworm)
[MEDIUM] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes a heap buffer over-read when the caller provides a negative row stride (f
CVE-2026-3713 (LOW, CVSS 4.8, 2026)
[MEDIUM] libpng1.6: A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project w
CVE-2025-64720 (HIGH, CVSS 7.1, 2025): fixed in libpng1.6 1.6.39-2+deb12u1 (bookworm)
[HIGH] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_tra
CVE-2025-66293 (HIGH, CVSS 7.1, 2025): fixed in libpng1.6 1.6.39-2+deb12u1 (bookworm)
[HIGH] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma c
CVE-2025-65018 (HIGH, CVSS 7.1, 2025): fixed in libpng1.6 1.6.39-2+deb12u1 (bookworm)
[HIGH] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted i
CVE-2025-64505 (MEDIUM, CVSS 6.1, 2025): fixed in libpng1.6 1.6.39-2+deb12u1 (bookworm)
[MEDIUM] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds a
CVE-2025-64506 (MEDIUM, CVSS 6.1, 2025): fixed in libpng1.6 1.6.39-2+deb12u1 (bookworm)
[MEDIUM] libpng1.6: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vuln
CVE-2025-28164 (LOW, CVSS 5.5, 2025): fixed in libpng1.6 1.6.47-1 (forky)
[MEDIUM] libpng1.6: Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. Scope: local. Status: bookworm: open; bullseye: open; forky: resolved (fixed in 1.6.47-1); sid: resolved (fixed in 1.6.47-1); trixie: resolved (fixed in 1.6.47-1)
CVE-2025-28162 (LOW, CVSS 5.5, 2025): fixed in libpng1.6 1.6.47-1 (forky)
[MEDIUM] libpng1.6: Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan); the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive. Scope: local. Status: bookworm: open; bullseye: open; forky: resolved (fixed in 1.6.47-
CVE-2021-4214 (LOW, CVSS 5.5, 2021)
[MEDIUM] libpng1.6: A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. Scope: local. Status: bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
CVE-2019-7317 (MEDIUM, CVSS 5.3, 2019): fixed in firefox 67.0-2 (sid)
[MEDIUM] firefox: png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Scope: local. Status: sid: resolved (fixed in 67.0-2)
CVE-2019-6129 (LOW, CVSS 6.5, 2019): fixed in libpng1.6 1.6.39-1 (bookworm)
[MEDIUM] libpng1.6: png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer." Scope: local. Status: bookworm: resolved (fixed in 1.6.39-1); bullseye: open; forky: resolved (fixed in 1.6.39-1); sid: resolved (fixed in 1.6.39-1); trixie: resolved (fixed in 1.6.39-1)
CVE-2018-13785 (MEDIUM, CVSS 6.5, 2018): fixed in libpng1.6 1.6.34-2 (bookworm)
[MEDIUM] libpng1.6: In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. Scope: local. Status: bookworm: resolved (fixed in 1.6.34-2); bullseye: resolved (fixed in 1.6.34-2); forky: resolved (fixed in 1.6.34-2); sid
CVE-2018-14550 (LOW, CVSS 8.8, 2018): fixed in libpng1.6 1.6.37-1 (bookworm)
[HIGH] libpng1.6: An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. Scope: local. Status: bookworm: resolved (fixed in 1.6.37-1); bullseye: resolved (fixed in 1.6.37-1); forky: resolved (fixed in 1.6.37-1); sid: resolved (fixed in 1.6.37-1); trixie: resolved (fixed in 1.6.37-1
CVE-2018-14048 (LOW, CVSS 6.5, 2018): fixed in libpng1.6 1.6.37-1 (bookworm)
[MEDIUM] libpng1.6: An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. Scope: local. Status: bookworm: resolved (fixed in 1.6.37-1); bullseye: resolved (fixed in 1.6.37-1); forky: resolved (fixed in 1.6.37-1); sid: resolved (fixed in 1.6.37-1); trixie: resolved (fixed in 1.6.37-1)
Source: cvebase