VYPR

rpm package

opensuse/libpng16&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libpng16&distro=openSUSE%20Tumbleweed

Vulnerabilities (30)

  • CVE-2026-34757MedApr 9, 2026
    affected < 1.6.57-1.1fixed 1.6.57-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter

  • CVE-2026-33636HigMar 26, 2026
    affected < 1.6.56-1.1fixed 1.6.56-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. Whe

  • CVE-2026-33416HigMar 26, 2026
    affected < 1.6.56-1.1fixed 1.6.56-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`,

  • CVE-2026-25646Feb 10, 2026
    affected < 1.6.55-1.1fixed 1.6.55-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no hist

  • CVE-2026-22801Jan 12, 2026
    affected < 1.6.54-1.1fixed 1.6.54-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image

  • CVE-2026-22695Jan 12, 2026
    affected < 1.6.54-1.1fixed 1.6.54-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlac

  • CVE-2025-66293HigDec 3, 2025
    affected < 1.6.52-1.1fixed 1.6.52-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512

  • CVE-2025-65018HigNov 25, 2025
    affected < 1.6.51-1.1fixed 1.6.51-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_re

  • CVE-2025-64720HigNov 25, 2025
    affected < 1.6.51-1.1fixed 1.6.51-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images w

  • CVE-2025-64506MedNov 25, 2025
    affected < 1.6.51-1.1fixed 1.6.51-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing

  • CVE-2025-64505MedNov 25, 2025
    affected < 1.6.51-1.1fixed 1.6.51-1.1

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with ma

  • CVE-2017-12652CriJul 10, 2019
    affected < 1.6.37-3.3fixed 1.6.37-3.3

    libpng before 1.6.32 does not properly check the length of chunks against the user limit.

  • CVE-2019-7317MedFeb 4, 2019
    affected < 1.6.37-3.3fixed 1.6.37-3.3

    png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

  • CVE-2019-6129MedJan 11, 2019
    affected < 1.6.40-2.1fixed 1.6.40-2.1

    png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

  • CVE-2018-14048MedJul 13, 2018
    affected < 1.6.37-3.3fixed 1.6.37-3.3

    An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

  • CVE-2018-13785MedJul 9, 2018
    affected < 1.6.37-3.3fixed 1.6.37-3.3

    In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

  • CVE-2016-5735HigMay 23, 2017
    affected < 1.6.37-3.3fixed 1.6.37-3.3

    Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.

  • CVE-2016-10087HigJan 30, 2017
    affected < 1.6.37-3.3fixed 1.6.37-3.3

    The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, rem

  • CVE-2015-8126Nov 13, 2015
    affected < 1.6.26-1.1fixed 1.6.26-1.1

    Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application cr

  • CVE-2014-0333Feb 27, 2014
    affected < 1.6.26-1.1fixed 1.6.26-1.1

    The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

Page 1 of 2