CVE-2026-42500

CVE-2026-42500 affects decoding in golang.org/x/image/bmp for paletted BMP images. The issue is triggered by decoding a BMP with an out-of-range palette index, causing a panic when accessing pixels in the invalid image. Root cause: palette index validation failure during palette/pixel processing....

GO-2026-5031 Panic when reading out of bound palette index in golang.org/x/image/bmp

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

Fedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)

This update fixes a 1-byte uninitialized memory reference in pngformatbuffer. It allows attackers to cause a denial of service crash via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this...

Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)

This update fixes a 1-byte uninitialized memory reference in pngformatbuffer. It allows attackers to cause a denial of service crash via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. This is CVE-2011-2501. Also fixed in this...