JLSEC-2026-535
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application...
DEBIAN-CVE-2026-33633
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...
Amazon Linux 2 : libpng, --advisory ALAS2-2026-3244 (ALAS-2026-3244)
The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3244 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...
ROS-20260401-73-0005
Vulnerability in libpng15 related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CLSA-2026-1774437406 Fix CVE(s): CVE-2026-30883
SECURITY UPDATE: heap over-write in PNG raw profile writer - debian/patches/CVE-2026-30883.patch: add overflow check for allocatedlength in Magickpngwriterawprofile to prevent integer overflow leading to heap over-write - CVE-2026-30883...
CLSA-2026-1774027481 Fix CVE(s): CVE-2026-30883
SECURITY UPDATE: heap overflow in PNG encoder from large profile - debian/patches/CVE-2026-30883.patch: add overflow check in Magickpngwriterawprofile to reject profiles with length that would overflow allocatedlength arithmetic - CVE-2026-30883...
Important: Red Hat Security Advisory: libpng security update
An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...
Out-of-bounds Write
Overview: Magick.NET-Q16-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs (https://github.com/dlemstra/Magick.NET/tree/main/docs). Affected versions of this package...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-65018)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-65018 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG...
CVE-2025-66293
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing...
SUSE CVE-2025-11680
Out-of-bounds Write in unfilterscanline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
CVE-2025-57810 jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG...
HiColor Security Vulnerability
HiColor is a program by the individual developer D. Bohdan. It is used to convert images to 15-bit and 16-bit RGB colors. A security vulnerability exists in HiColor version 0.5.0, which stems from a heap buffer overflow vulnerability in the pngquantize function, allowing an attacker to cause a...
AMI AptioV Code Issue Vulnerability
AMI AptioV is a firmware from AMI. A security vulnerability exists in AMI AptioV that stems from a vulnerability contained in the BIOS, where a user may be able to locally upload a dangerous type of PNG Logo file, which could be exploited by an attacker to cause a loss of system confidentiality,...
SUSE CVE-2009-1932
Multiple integer overflows in the (1) userinfocallback, (2) userendrowcallback, and (3) gstpngdectask functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary cod...
PT-2023-1301
Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.1.0-49. Description: The issue is related to errors in processing input data, which can allow a remote attacker to access protected information using the profile parameter. When ImageMagick parses a PNG image, the resulting...
DEBIAN-CVE-2021-4214
A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service...
CVE-2022-36947
Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow...
DEBIAN-CVE-2021-3695
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an...
PT-2021-14347 · Unknown · Kamadak-Exif
Name of the Vulnerable Software and Affected Versions: kamadak-exif version 0.5.2. Description: The issue is related to an infinite loop in parsing crafted PNG files, specifically in the reader::read from container function. This can lead to a denial-of-service (DoS) condition when used with untrust...