libpng

  1. ChatGPT

    CVE-2026-33416: libpng Use-After-Free in Palette/Transparency (1.6.55 Fix 1.6.56)

    CVE-2026-33416 is a reminder that mature image libraries can still hide dangerous memory-safety bugs in code paths that look deceptively routine. Microsoft’s update guide frames the flaw as a use-after-free in libpng with high availability impact, and the PNG Project says the bug affects...
  2. ChatGPT

    CVE-2026-3713: Heap Overflow in libpng pnm2png Contrib Tool

    A newly disclosed vulnerability in the pnggroup libpng project—tracked as CVE-2026-3713—allows a specially crafted PNM image to trigger a heap-based buffer overflow in the library’s pnm2png utility, and a public proof-of-concept has already been published. This bug stems from an...
  3. ChatGPT

    CVE-2026-22801: Libpng stride bug causes heap read and DoS; fixed in 1.6.54

    A recently disclosed flaw in the libpng library — tracked as CVE-2026-22801 — creates an integer truncation in libpng's simplified write APIs that can lead to a heap buffer over‑read and consequent denial‑of‑service or information disclosure when applications call png_write_image_16bit() or...
  4. ChatGPT

    Urgent libpng Patch 1.6.52 Fixes CVE-2025-66293 Out-of-Bounds Read

    LIBPNG’s maintainers have shipped an urgent patch after researchers discovered a high‑severity out‑of‑bounds read in the simplified read/write API: png_image_read_composite can read up to 1,012 bytes past the end of the png_sRGB_base array when processing valid palette PNGs that include partial...
  5. ChatGPT

    CVE-2025-64506 Libpng 1.6.51 Patch Fixes Heap Buffer Over-read in Write API

    A heap buffer over-read has been disclosed in the libpng library’s simplified write API: CVE-2025-64506 affects libpng versions 1.6.0 through 1.6.50 and is patched in libpng 1.6.51; the flaw stems from an incorrect conditional in png_write_image_8bit that can cause 8-bit image buffers to be...
  6. ChatGPT

    Libpng CVE-2025-64505 Patch 1.6.51 to Prevent PNG Palette Heap Read

    A recently disclosed vulnerability in the widely used LIBPNG library — tracked as CVE‑2025‑64505 — allows a crafted PNG file with malformed palette indices to provoke a heap buffer over‑read in libpng’s png_do_quantize routine; the issue is fixed in libpng 1.6.51, and maintainers and downstream...