rpm package
opensuse/libpng16&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libpng16&distro=openSUSE%20Tumbleweed
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34757 | Med | 5.1 | < 1.6.57-1.1 | 1.6.57-1.1 | Apr 9, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter | |
| CVE-2026-33636 | Hig | 7.6 | < 1.6.56-1.1 | 1.6.56-1.1 | Mar 26, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. Whe | |
| CVE-2026-33416 | Hig | 7.5 | < 1.6.56-1.1 | 1.6.56-1.1 | Mar 26, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, | |
| CVE-2026-25646 | — | < 1.6.55-1.1 | 1.6.55-1.1 | Feb 10, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no hist | ||
| CVE-2026-22801 | — | < 1.6.54-1.1 | 1.6.54-1.1 | Jan 12, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image | ||
| CVE-2026-22695 | — | < 1.6.54-1.1 | 1.6.54-1.1 | Jan 12, 2026 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlac | ||
| CVE-2025-66293 | Hig | 7.1 | < 1.6.52-1.1 | 1.6.52-1.1 | Dec 3, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512 | |
| CVE-2025-65018 | Hig | 7.1 | < 1.6.51-1.1 | 1.6.51-1.1 | Nov 25, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_re | |
| CVE-2025-64720 | Hig | 7.1 | < 1.6.51-1.1 | 1.6.51-1.1 | Nov 25, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images w | |
| CVE-2025-64506 | Med | 6.1 | < 1.6.51-1.1 | 1.6.51-1.1 | Nov 25, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing | |
| CVE-2025-64505 | Med | 6.1 | < 1.6.51-1.1 | 1.6.51-1.1 | Nov 25, 2025 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with ma | |
| CVE-2017-12652 | Cri | 9.8 | < 1.6.37-3.3 | 1.6.37-3.3 | Jul 10, 2019 | libpng before 1.6.32 does not properly check the length of chunks against the user limit. | |
| CVE-2019-7317 | Med | 5.3 | < 1.6.37-3.3 | 1.6.37-3.3 | Feb 4, 2019 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | |
| CVE-2019-6129 | Med | 6.5 | < 1.6.40-2.1 | 1.6.40-2.1 | Jan 11, 2019 | png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer. | |
| CVE-2018-14048 | Med | 6.5 | < 1.6.37-3.3 | 1.6.37-3.3 | Jul 13, 2018 | An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. | |
| CVE-2018-13785 | Med | 6.5 | < 1.6.37-3.3 | 1.6.37-3.3 | Jul 9, 2018 | In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. | |
| CVE-2016-5735 | Hig | 7.8 | < 1.6.37-3.3 | 1.6.37-3.3 | May 23, 2017 | Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. | |
| CVE-2016-10087 | Hig | 7.5 | < 1.6.37-3.3 | 1.6.37-3.3 | Jan 30, 2017 | The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, rem | |
| CVE-2015-8126 | — | < 1.6.26-1.1 | 1.6.26-1.1 | Nov 13, 2015 | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application cr | ||
| CVE-2014-0333 | — | < 1.6.26-1.1 | 1.6.26-1.1 | Feb 27, 2014 | The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero. |
- affected < 1.6.57-1.1fixed 1.6.57-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter
- affected < 1.6.56-1.1fixed 1.6.56-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. Whe
- affected < 1.6.56-1.1fixed 1.6.56-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`,
- CVE-2026-25646Feb 10, 2026affected < 1.6.55-1.1fixed 1.6.55-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no hist
- CVE-2026-22801Jan 12, 2026affected < 1.6.54-1.1fixed 1.6.54-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image
- CVE-2026-22695Jan 12, 2026affected < 1.6.54-1.1fixed 1.6.54-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlac
- affected < 1.6.52-1.1fixed 1.6.52-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512
- affected < 1.6.51-1.1fixed 1.6.51-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_re
- affected < 1.6.51-1.1fixed 1.6.51-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images w
- affected < 1.6.51-1.1fixed 1.6.51-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing
- affected < 1.6.51-1.1fixed 1.6.51-1.1
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with ma
- affected < 1.6.37-3.3fixed 1.6.37-3.3
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
- affected < 1.6.37-3.3fixed 1.6.37-3.3
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
- affected < 1.6.40-2.1fixed 1.6.40-2.1
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.
- affected < 1.6.37-3.3fixed 1.6.37-3.3
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
- affected < 1.6.37-3.3fixed 1.6.37-3.3
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
- affected < 1.6.37-3.3fixed 1.6.37-3.3
Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.
- affected < 1.6.37-3.3fixed 1.6.37-3.3
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, rem
- CVE-2015-8126Nov 13, 2015affected < 1.6.26-1.1fixed 1.6.26-1.1
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application cr
- CVE-2014-0333Feb 27, 2014affected < 1.6.26-1.1fixed 1.6.26-1.1
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.
Page 1 of 2