VYPR

Vendor CVEs

Pnggroup

All CVEs

29 total · sorted by risk
  • CVE-2016-3751HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem…

  • CVE-2026-33636HigMar 26, 2026
    risk 0.42cvss 7.6epss 0.01

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path.…

  • CVE-2019-6129MedJan 11, 2019
    risk 0.42cvss 6.5epss 0.01

    png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.

  • CVE-2026-3713MedMar 8, 2026
    risk 0.34cvss 5.3epss 0.00

    A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is…

  • CVE-2026-40930MedJun 4, 2026
    risk 0.28cvss 5.4epss 0.00

    LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC,…

  • CVE-2026-34757MedApr 9, 2026
    risk 0.26cvss 5.1epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter…

  • CVE-2004-0597Nov 23, 2004
    risk 0.10cvss epss 0.83

    Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or…

  • CVE-2026-25646Feb 10, 2026
    risk 0.00cvss epss 0.01

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no…

  • CVE-2025-28164Jan 27, 2026
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

  • CVE-2025-28162Jan 27, 2026
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become…

  • CVE-2026-22801Jan 12, 2026
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and…

  • CVE-2026-22695Jan 12, 2026
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing…

  • CVE-2025-66293Dec 3, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the…

  • CVE-2025-65018Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function…

  • CVE-2025-64720Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images…

  • CVE-2025-64506Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing…

  • CVE-2025-64505Nov 24, 2025
    risk 0.00cvss epss 0.00

    LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with…

  • CVE-2011-3328Jan 17, 2012
    risk 0.00cvss epss 0.04

    The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain…

  • CVE-2007-2445May 16, 2007
    risk 0.00cvss epss 0.05

    The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

  • CVE-2006-5793Nov 17, 2006
    risk 0.00cvss epss 0.02

    The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds…

  • CVE-2006-3334Jun 30, 2006
    risk 0.00cvss epss 0.04

    Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the…

  • CVE-2006-0481Jan 31, 2006
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.

  • CVE-2005-3662Nov 18, 2005
    risk 0.00cvss epss 0.01

    Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.

  • CVE-2004-0599Nov 23, 2004
    risk 0.00cvss epss 0.06

    Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed…

  • CVE-2004-0598Nov 23, 2004
    risk 0.00cvss epss 0.06

    The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference.

  • CVE-2004-0768Oct 20, 2004
    risk 0.00cvss epss 0.03

    libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.

  • CVE-2002-1363Dec 26, 2002
    risk 0.00cvss epss 0.06

    Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.

  • CVE-2002-0728Aug 12, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.

  • CVE-2002-0660Aug 12, 2002
    risk 0.00cvss epss 0.03

    Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.