CVE-2026-49460

CVE-2026-49460 affects the Python PDF library pypdf . Prior to version 6.12.2 , processing a PDF that uses a stream with the /FlateDecode filter and a PNG predictor can cause unusually long runtimes. The issue is fixed in 6.12.2 . Impact, in line with the sources, is a denial of service-like slow...

Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.52, there was an out-of-bounds read vulnerability in libpng’s simplified API, allowing for reading of up to 10^12 bytes beyond the...

Astra Linux – Vulnerability in GraphicsMagick

GraphicsMagick version 1.3.35 has a heap-based buffer overflow in the ReadMNGImage function in the coders/png.c file...

Astra Linux – Vulnerability in imagemagick

The WriteOnePNGImage function from coders/png.c the PNG encoder contains a for loop with an improper exit condition, which may lead to an out-of-bounds READ operation due to a heap-buffer-overflow issue. This occurs because it is possible for the colormap to have fewer than 256 valid values, and...

CVE-2026-12491 Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

EulerOS Virtualization 2.13.1 : libpng (EulerOS-SA-2026-2375)

According to the versions of the libpng packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

EUVD-2026-34287

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

ImageMagick: Fix of CVE-2026-30883

CVE-2026-30883: fix heap overflow when encoding PNG with oversized profile...

[SECURITY] Fedora 43 Update: libpng-1.6.58-1.fc43

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

EUVD-2026-30842

ExifReader is vulnerable to denial of service via unbounded decompression of image metadata...

[SECURITY] Fedora 44 Update: libpng-1.6.58-1.fc44

The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...

ROS-20260529-73-0006

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

Moderate: Red Hat Security Advisory: libpng security update

An update for libpng is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

PT-2026-47100

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application...

CVE-2026-8814

Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data Data Amplification due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containi...

ExifReader 安全漏洞

ExifReader is a image metadata extraction library developed by Mattias Wallander. Versions of ExifReader prior to 4.39.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size restrictions when decompressing PNG zTXt metadata, which could lead to the generation of...

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

RHEL 10 : libpng (RHSA-2026:18064)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18064 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

RHEL 9 : libpng (RHSA-2026:18028)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18028 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...