You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
png decoding
About this tag
Discussions on WindowsForum.com about png decoding focus on security vulnerabilities in libpng, particularly CVE-2026-33636, an out-of-bounds read/write flaw in the ARM Neon-optimized palette expansion path. This issue affects libpng versions prior to 1.6.56 and can be triggered by crafted PNG images during normal decoding. The tag covers the risks of image decoding in software stacks, especially where SIMD code processes attacker-controlled input. Users and developers share information about patching, mitigation, and the broader implications for Windows systems that rely on libpng for image handling.
CVE-2026-33636 is another reminder that image decoding remains one of the most attack-prone corners of the software stack, especially where hand-tuned SIMD code meets attacker-controlled input. In libpng, the flaw sits in the ARM/AArch64 Neon-optimized palette expansion path, where a final...