cve-2026-33636
About this tag
CVE-2026-33636 is a security vulnerability in libpng affecting the ARM and AArch64 Neon-optimized palette expansion code. The flaw allows an out-of-bounds read and write when processing crafted PNG images, because a final partial chunk may be handled without verifying that sufficient pixels remain. The issue is reachable during normal image decoding, making it exploitable in practice. The fix is included in libpng version 1.6.56. Discussions on WindowsForum.com highlight that image decoding remains a common attack surface, especially where hand-tuned SIMD code handles attacker-controlled input. Users running software that relies on libpng for PNG decoding on ARM-based systems should update to the patched version to mitigate potential security risks.
CVE-2026-33636 is another reminder that image decoding remains one of the most attack-prone corners of the software stack, especially where hand-tuned SIMD code meets attacker-controlled input. In libpng, the flaw sits in the ARM/AArch64 Neon-optimized palette expansion path, where a final...