Libpng


Products by Libpng, Sorted by Most Security Vulnerabilities since 2018

Libpng: 24 vulnerabilities

Libpng Pngcheck: 2 vulnerabilities

By the Year

In 2025 there have been 0 vulnerabilities in Libpng. Libpng did not have any published security vulnerabilities last year.




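| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 6.65 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 3.30 |
| 2019 | 4 | 7.60 |
| 2018 | 2 | 6.50 |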

It may take a day or so for new Libpng vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Libpng Security Vulnerabilities

A heap overflow flaw was found in libpng's pngimage.c program

CVE-2021-4214 5.5 - Medium - August 24, 2022

A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.

Classic Buffer Overflow

A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0 (5 patches applied)

CVE-2020-35511 7.8 - High - August 23, 2022

A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0 (5 patches applied) via a crafted png file.

Buffer Over-read

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0

CVE-2020-27818 3.3 - Low - December 08, 2020

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.

Out-of-bounds Read

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

CVE-2017-12652 9.8 - Critical - July 10, 2019

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

Improper Input Validation

An issue has been found in third-party PNM decoding associated with libpng 1.6.35

CVE-2018-14550 8.8 - High - July 10, 2019

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

Memory Corruption

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free

CVE-2019-7317 5.3 - Medium - February 04, 2019

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Dangling pointer

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp

CVE-2019-6129 6.5 - Medium - January 11, 2019

png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

Memory Leak

An issue has been found in libpng 1.6.34

CVE-2018-14048 6.5 - Medium - July 13, 2018

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

In libpng 1.6.34

CVE-2018-13785 6.5 - Medium - July 09, 2018

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

Divide By Zero

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27

CVE-2016-10087 7.5 - High - January 30, 2017

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

NULL Pointer Dereference

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).