CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

EUVD-2026-34287

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

[SECURITY] Fedora 43 Update: libpng-1.6.58-1.fc43

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

EUVD-2026-30842

ExifReader is vulnerable to denial of service via unbounded decompression of image metadata...

[SECURITY] Fedora 44 Update: libpng-1.6.58-1.fc44

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

ROS-20260529-73-0006

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

PT-2026-47100

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application...

Astra Linux - уязвимость в libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.52, there was an out-of-bounds read vulnerability in libpng’s simplified API, allowing for reading of up to 10^12 bytes beyond the...

Astra Linux - уязвимость в imagemagick

The WriteOnePNGImage function from coders/png.c the PNG encoder contains a for loop with an improper exit condition, which may lead to an out-of-bounds READ operation due to a heap-buffer-overflow issue. This occurs because it is possible for the colormap to have fewer than 256 valid values, and...

Astra Linux - уязвимость в graphicsmagick

GraphicsMagick version 1.3.35 has a heap-based buffer overflow in the ReadMNGImage function in the coders/png.c file...

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

ExifReader 安全漏洞

ExifReader is a image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size restrictions when decompressing PNG zTXt metadata, which could lead to the generation of...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

RHEL 9 : libpng (RHSA-2026:18028)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18028 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

RHEL 10 : libpng (RHSA-2026:18064)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18064 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

[SECURITY] Fedora 44 Update: SDL2_image-2.8.12-1.fc44

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats BMP, PPM, PCX, GIF, JPEG, PNG as SDL surfaces...

[SECURITY] Fedora 43 Update: SDL3_image-3.4.4-1.fc43

Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This is a simple library to load images of various formats as SDL surfaces. It can load BMP, GIF, JPEG, LBM, PCX, PNG, PNM PPM/PGM/PBM, QOI, TGA, XCF,...

ALSA-2026:14791 Moderate: libpng security update

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion CVE-2026-33636 For more details...

Moderate: libpng security update

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion CVE-2026-33636 For more details...