40 matches found

Ubuntu
added 2026/05/07 1:37 p.m. | 11 views

USN-8251-1: libpng vulnerabilities

It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute...

7.6 CVSS | 6.5 AI score | 0.00051 EPSS
Exploits: 2

RedHat Linux
added 2026/05/05 6:40 a.m. | 4 views

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...

7.5 CVSS | 6.8 AI score | 0.00026 EPSS
Exploits: 1 | References: 10

Tenable Nessus
added 2026/04/17 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libpng (UTSA-2026-007319)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007319 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, ther...

7.1 CVSS | 6 AI score | 0.00065 EPSS
Exploits: 5 | References: 4

Tenable Nessus
added 2026/03/24 12:0 a.m. | 6 views

macOS 26.x < 26.4 Multiple Vulnerabilities (126794)

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.4. It is, therefore, affected by multiple vulnerabilities: - A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges. CVE-2026-20631 - When...

9.3 CVSS | 6.8 AI score | 0.00215 EPSS
Exploits: 6 | References: 84

OSV
added 2026/03/11 9:10 a.m. | 1 views

USN-8081-1 libpng vulnerabilities

It was discovered that libpng did not properly handle memory when processing certain PNG files. An attacker could possibly use this issue to cause libpng to crash, resulting in a denial of service, or disclose sensitive information. CVE-2025-64505 Joshua Inscoe discovered that libpng did not...

8.3 CVSS | 6 AI score | 0.00081 EPSS
Exploits: 3 | References: 3

OSV
added 2026/02/03 11:6 a.m. | 6 views

CLSA-2026-1770116781 java-1.8.0-openjdk: Fix of 5 CVEs

CVE-2026-21945: security component vulnerability allowing unauthenticated attackers with network access to cause denial of service - CVE-2026-21933: networking component vulnerability allowing unauthenticated attackers with network access to compromise confidentiality and integrity -...

7.5 CVSS | 6.2 AI score | 0.00089 EPSS
Exploits: 5 | References: 1

Tenable Nessus
added 2026/01/15 12:0 a.m. | 5 views

openSUSE 16 Security Update : libpng16 (openSUSE-SU-2026:20017-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20017-1 advisory. - CVE-2025-64505: heap buffer over-read in png_do_quantize when processing PNG files with malformed palette indices (bsc1254157). - CVE-2025-64506: heap...

7.1 CVSS | 6.1 AI score | 0.00137 EPSS
Exploits: 6 | References: 15

OPENSUSE Linux
added 2026/01/13 12:0 a.m. | 7 views

Security update for libpng16 (important)

openSUSE security update: security update for libpng16. Announcement ID: openSUSE-SU-2026:20017-1. Rating: important. References: bsc1254157 bsc1254158 bsc1254159 bsc1254160 bsc1254480. Cross-References: CVE-2025-64505 CVE-2025-64506...

7.1 CVSS | 7.7 AI score | 0.00137 EPSS
Exploits: 6 | References: 5

Tenable Nessus
added 2025/12/20 12:0 a.m. | 1 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libpng (UTSA-2025-991297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991297 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to befor...

6.1 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 2 | References: 4

OSV
added 2025/12/11 5:26 a.m. | 0 views

USN-7924-1 libpng1.6 vulnerabilities

It was discovered that libpng incorrectly handled memory when processing certain PNG files, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash,...

7.1 CVSS | 6.4 AI score | 0.00079 EPSS
Exploits: 5 | References: 5

Amazon
added 2025/12/08 12:0 a.m. | 4 views

Important: thunderbird

Issue Overview: A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...

7.1 CVSS | 7.4 AI score | 0.00079 EPSS
Exploits: 5

Amazon
added 2025/12/08 12:0 a.m. | 6 views

Important: firefox

Issue Overview: A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...

7.1 CVSS | 7.4 AI score | 0.00079 EPSS
Exploits: 5

OSV
added 2025/11/25 12:15 a.m. | 0 views

AZL-70894 CVE-2025-64505 affecting package fltk 1.3.5-4

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette...

6.1 CVSS | 6.2 AI score | 0.00014 EPSS
Exploits: 2 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-5723

Malware in sbrugna...

6.5 CVSS | 6.2 AI score | 0.03717 EPSS
Exploits: 0 | References: 24

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-32426

Malicious code in bioql PyPI...

5.5 CVSS | 5.5 AI score | 0.00138 EPSS
Exploits: 1 | References: 2

CVE
added 2024/07/30 12:0 a.m. | 43 views

CVE-2024-41440

CVE-2024-41440 affects the image-conversion tool hicolor v0.5.0. The vulnerability is a heap buffer overflow in the function png_quantize(), which can be triggered by a crafted PNG file and leads to Denial of Service. The connected documents confirm the same description across multiple sources ...

6.2 CVSS | 7.2 AI score | 0.0012 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

SUSE CVE
added 2023/02/15 4:42 a.m. | 2 views

SUSE CVE-2017-11539

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage function in coders/png.c...

7.5 CVSS | 9.1 AI score | 0.00253 EPSS
Exploits: 1 | References: 6

NVD
added 2021/06/11 5:15 p.m. | 11 views

CVE-2021-21808

A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability...

8.8 CVSS | 0.0042 EPSS
Exploits: 1 | References: 1

Cvelist
added 2021/06/11 4:15 p.m. | 14 views

CVE-2021-21808

A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability...

8.1 CVSS | 9.1 AI score | 0.0042 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2017/07/25 4:20 p.m. | 17 views

CVE-2017-11538

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage function in coders/png.c...

6.5 CVSS | 2.5 AI score | 0.00406 EPSS
Exploits: 0 | References: 1