CVE Tools

libpng

OSS Librariesoss-project

41

Cumulative CVEs

25

Monthly snapshots

#22

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting libpng.

CVE-2026-34757LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure5.1Apr 9, 2026
CVE-2026-33636LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch647.6Mar 26, 2026
CVE-2026-33416LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`7.5Mar 26, 2026
CVE-2026-25646LIBPNG has a heap buffer overflow in png_set_quantize8.1Feb 10, 2026
CVE-2025-28164Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.5.5Jan 27, 2026
CVE-2025-28162Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locatio...5.5Jan 27, 2026
CVE-2026-22801LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*6.8Jan 12, 2026
CVE-2026-22695LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix)6.1Jan 12, 2026
CVE-2025-66293LIBPNG has an out-of-bounds read in png_image_read_composite7.1Dec 3, 2025
CVE-2025-65018LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`7.1Nov 24, 2025
CVE-2025-64720LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication7.1Nov 24, 2025
CVE-2025-64506LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images6.1Nov 24, 2025
CVE-2025-64505LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index6.1Nov 24, 2025
CVE-2021-4214A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an applic...5.5Aug 24, 2022
CVE-2020-35511A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.7.8Aug 23, 2022