EulerOS Virtualization 2.12.0 : libpng (EulerOS-SA-2026-2104)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via pngcreatereadstruct...

EulerOS Virtualization 2.10.0 : libpng (EulerOS-SA-2026-2052)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with...

CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

ASB-A-463980379

In pnginitreadtransformations of pngrtran.c, there is a possible way to cause a persistent denial of service due to a heap buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

GHSA-RR89-W3H9-M66J ExifReader is vulnerable to denial of service via unbounded decompression of image metadata

Impact Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API e.g. ExifReader.loadfile or ExifReader.loadbuffer, async: true on an attacker-supplied image, a small compressed chunk in the file can expand ...

ROS-20260529-73-0005

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

ROS-20260529-73-0008

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

ROS-20260529-73-0007

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

RHSA-2026:20551 Red Hat Security Advisory: libpng security update

Bulletin has no description...

TencentOS Server 3: java-1.8.0-openjdk (TSSA-2026:0365)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0365 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

ROS-20260526-73-0019

A vulnerability in the libpng library is related to the failure to check for sufficient input pixels when processing the last partial portion in the ARM/AArch64 Neon optimized palette expansion path. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

Astra Linux - уязвимость в imagemagick

ImageMagick 7.1.0-49 is vulnerable to Denial of Service attacks. When it parses a PNG image for example, for resizing, the conversion process may cause it to wait for stdin input...

Astra Linux - уязвимость в libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.51, there was a heap buffer over-read vulnerability in the libpng’s pngdoquantize function when processing PNG files with malformed palette...

Astra Linux - уязвимость в exiv2

In Exiv2 0.27.99.0, the PngImage::readMetadata function in the pngimage.cpp file allows attackers to cause a denial of service heap-based buffer over-read through a crafted image file...

Astra Linux - уязвимость в libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.51 to 1.6.53, there was a potential issue of excessive memory access in the libpng simplified API function pngimagefinishread, when processing...

Astra Linux - уязвимость в openjpeg2

A heap-buffer overflow was discovered in the way openjpeg2 handles certain PNG format files. An attacker could exploit this flaw to cause an application to crash, or in some cases to execute arbitrary code with the permission of the user running such an application...

Astra Linux - уязвимость в libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Starting from version 1.6.0 until 1.6.51, there was a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread, when processing...

Astra Linux - уязвимость в imagemagick

ImageMagick 7.1.0-49 is vulnerable to information disclosure. When it parses a PNG image e.g., for resizing, the resulting image may contain content from an arbitrary file. This occurs if the ImageMagick binary has permissions to read such files...

CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...