Pnggroup Libpng vulnerabilities
11 known vulnerabilities affecting pnggroup/libpng.
Total CVEs: 11
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 4
Vulnerabilities
CVE-2026-34757 | MEDIUM | CVSS 5.1 | CWE-416 | versions >= 1.0.9, < 1.6.57 | 2026-04-09
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from fre
nvd
CVE-2026-33416 | HIGH | CVSS 7.5 | CWE-416 | versions >= 1.2.1, < 1.6.56 | 2026-03-26
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes
nvd
CVE-2026-33636 | HIGH | CVSS 7.6 | CWE-125 | versions >= 1.6.36, < 1.6.56 | 2026-03-26
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a
nvd
CVE-2026-3713 | MEDIUM | CVSS 4.8 | CWE-119 | versions 1.6.0, 1.6.1, +54 more | 2026-03-08
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used.
nvd
CVE-2026-25646 | HIGH | CVSS 8.3 | CWE-122 | fixed in 1.6.55 | 2026-02-10
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maxi
nvd
CVE-2026-22801 | HIGH | CVSS 7.8 | CWE-125 | fixed in 1.6.54 | 2026-01-12
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative ro
nvd
CVE-2025-66293 | HIGH | CVSS 7.1 | CWE-125 | fixed in 1.6.52 | 2025-12-03
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparenc
nvd
CVE-2025-65018 | HIGH | CVSS 7.1 | CWE-122 | fixed in 1.6.54 | 2025-11-25
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attac
nvd
CVE-2025-64720 | HIGH | CVSS 7.1 | CWE-125 | versions >= 1.6.0, < 1.6.51 | 2025-11-25
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_
nvd
CVE-2025-64505 | MEDIUM | CVSS 6.1 | CWE-125 | fixed in 1.6.51 | 2025-11-25
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup a
nvd
CVE-2025-64506 | MEDIUM | CVSS 6.1 | CWE-125 | versions >= 1.6.0, < 1.6.51 | 2025-11-25
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enab
nvd