280 matches found
ALPINE-CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
AZL-77468 CVE-2026-25646 affecting package fltk 1.3.8-1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
AZL-77474 CVE-2026-25646 affecting package libpng15 1.5.30-15
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
AZL-77457 CVE-2026-25646 affecting package fltk 1.3.5-4
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
CVE-2026-25646
LIBPNG has a bug in the png_set_quantize() API prior to 1.6.55: when called with no histogram and the palette colors exceed twice the display’s maximum, certain palettes can cause an out-of-bounds read that may read past an internal heap buffer, potentially causing an infinite loop. The issue is ...
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
CVE-2026-25646 LIBPNG has a heap buffer overflow in png_set_quantize
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
CVE-2026-25646 LIBPNG has a heap buffer overflow in png_set_quantize
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
CVE-2026-25646 LIBPNG has a heap buffer overflow in png_set_quantize
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the png_set_quantize function. An attacker can execute arbitrary code or cause a denial of service by providing images with no histogram and the number of colors in the palette is more than twice the maximum support...
libpng security vulnerability
libpng is an open-source library developed by The PNG Development Group, which allows for the creation, reading, and other operations on PNG graphic files. Versions of libpng prior to 1.6.55 contained security vulnerabilities; these vulnerabilities stemmed from the png_set_quantize function’s abili...
png -- CWE-122: Heap-based Buffer Overflow
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 reports: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the...
OSV-2026-55 Use-of-uninitialized-value in vp9_quantize_fp_avx2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475583924 Crash type: Use-of-uninitialized-value Crash state: vp9_quantize_fp_avx2 block_yrd vp9_pick_inter_mode...
SUSE-SU-2026:20030-1 Security update for libpng16
This update for libpng16 fixes the following issues: - CVE-2025-64505: heap buffer over-read in png_do_quantize when processing PNG files with malformed palette indices (bsc#1254157). - CVE-2025-64506: heap buffer over-read in png_write_image_8bit when processing 8-bit input with convert_to_8bit enabled...
SUSE-SU-2026:20073-1 Security update for libpng16
This update for libpng16 fixes the following issues: - CVE-2025-64505: heap buffer over-read in png_do_quantize when processing PNG files with malformed palette indices (bsc#1254157). - CVE-2025-64506: heap buffer over-read in png_write_image_8bit when processing 8-bit input with convert_to_8bit enabled...
OSV-2026-30 Use-of-uninitialized-value in vp9_quantize_fp_avx2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474614578 Crash type: Use-of-uninitialized-value Crash state: vp9_quantize_fp_avx2 block_yrd vp9_pick_inter_mode...
PT-2026-7243
Name of the Vulnerable Software and Affected Versions: libpng versions prior to 1.6.55. Description: LIBPNG is a library used by applications to read, create, and manipulate PNG raster image files. A flaw exists in the png_set_quantize function that can lead to a denial-of-service condition or...