rpm package
almalinux/libpng-devel
pkg:rpm/almalinux/libpng-devel
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33636 | Hig | 7.6 | < 2:1.6.40-8.el10_1.3 | 2:1.6.40-8.el10_1.3 | Mar 26, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. Whe | |
| CVE-2026-33416 | Hig | 7.5 | < 2:1.6.37-12.el9_7.4 | 2:1.6.37-12.el9_7.4 | Mar 26, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, | |
| CVE-2026-25646 | — | < 2:1.6.37-12.el9_7.2 | 2:1.6.37-12.el9_7.2 | Feb 10, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no hist | ||
| CVE-2026-22801 | — | < 2:1.6.37-12.el9_7.2 | 2:1.6.37-12.el9_7.2 | Jan 12, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image | ||
| CVE-2026-22695 | — | < 2:1.6.37-12.el9_7.2 | 2:1.6.37-12.el9_7.2 | Jan 12, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlac | ||
| CVE-2025-66293 | — | < 2:1.6.40-8.el10_1.1 | 2:1.6.40-8.el10_1.1 | Dec 3, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512 | ||
| CVE-2025-65018 | — | < 2:1.6.40-8.el10_1.1 | 2:1.6.40-8.el10_1.1 | Nov 24, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_re | ||
| CVE-2025-64720 | — | < 2:1.6.40-8.el10_1.1 | 2:1.6.40-8.el10_1.1 | Nov 24, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images w |
- affected < 2:1.6.40-8.el10_1.3fixed 2:1.6.40-8.el10_1.3
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. Whe
- affected < 2:1.6.37-12.el9_7.4fixed 2:1.6.37-12.el9_7.4
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`,
- CVE-2026-25646Feb 10, 2026affected < 2:1.6.37-12.el9_7.2fixed 2:1.6.37-12.el9_7.2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no hist
- CVE-2026-22801Jan 12, 2026affected < 2:1.6.37-12.el9_7.2fixed 2:1.6.37-12.el9_7.2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image
- CVE-2026-22695Jan 12, 2026affected < 2:1.6.37-12.el9_7.2fixed 2:1.6.37-12.el9_7.2
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlac
- CVE-2025-66293Dec 3, 2025affected < 2:1.6.40-8.el10_1.1fixed 2:1.6.40-8.el10_1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512
- CVE-2025-65018Nov 24, 2025affected < 2:1.6.40-8.el10_1.1fixed 2:1.6.40-8.el10_1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_re
- CVE-2025-64720Nov 24, 2025affected < 2:1.6.40-8.el10_1.1fixed 2:1.6.40-8.el10_1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images w