VYPR

Libpng

by Libpng

Source repositories

CVEs (66)

  • CVE-2019-7317MedFeb 4, 2019
    risk 0.27cvss 5.3epss 0.09

    png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

  • CVE-2026-34757MedApr 9, 2026
    risk 0.26cvss 5.1epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter…

  • CVE-2004-0597Nov 23, 2004
    risk 0.10cvss epss 0.83

    Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or…

  • CVE-2015-7981Nov 24, 2015
    risk 0.01cvss epss 0.06

    The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.

  • CVE-2015-8126Nov 13, 2015
    risk 0.01cvss epss 0.10

    Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application…

  • CVE-2011-3048May 29, 2012
    risk 0.01cvss epss 0.07

    The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which…

  • CVE-2026-25646Feb 10, 2026
    risk 0.00cvss epss 0.01

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no…

  • CVE-2025-28164Jan 27, 2026
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

  • CVE-2025-28162Jan 27, 2026
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become…

  • CVE-2026-22801Jan 12, 2026
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and…

  • CVE-2026-22695Jan 12, 2026
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing…

  • CVE-2025-66293Dec 3, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the…

  • CVE-2025-65018Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function…

  • CVE-2025-64720Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images…

  • CVE-2025-64506Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing…

  • CVE-2025-64505Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with…

  • CVE-2021-4214Aug 24, 2022
    risk 0.00cvss epss 0.01

    A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

  • CVE-2017-12652Jul 10, 2019
    risk 0.00cvss epss 0.04

    libpng before 1.6.32 does not properly check the length of chunks against the user limit.

  • CVE-2014-0333Feb 27, 2014
    risk 0.00cvss epss 0.03

    The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

  • CVE-2012-3425Aug 13, 2012
    risk 0.00cvss epss 0.03

    The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.