Libpng Libpng

  1. Vendors
  2. Libpng

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Libpng product.

RSS Feeds for Libpng security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Libpng products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Libpng Sorted by Most Security Vulnerabilities since 2018

Libpng24 vulnerabilities

Libpng Pngcheck2 vulnerabilities

By the Year

In 2025 there have been 0 vulnerabilities in Libpng. Libpng did not have any published security vulnerabilities last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 2 6.65
2021 0 0.00
2020 1 3.30
2019 4 7.60
2018 2 6.50

It may take a day or so for new Libpng vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Libpng Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2021-4214 Aug 24, 2022
A heap overflow flaw was found in libpngs' pngimage.c program A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.
Libpng
CVE-2020-35511 Aug 23, 2022
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
Pngcheck
CVE-2020-27818 Dec 08, 2020
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0 A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability.
Pngcheck
CVE-2017-12652 Jul 10, 2019
libpng before 1.6.32 does not properly check the length of chunks against the user limit. libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Libpng
CVE-2018-14550 Jul 10, 2019
An issue has been found in third-party PNM decoding associated with libpng 1.6.35 An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
Libpng
CVE-2019-7317 Feb 04, 2019
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
Libpng
CVE-2019-6129 Jan 11, 2019
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.
Libpng
CVE-2018-14048 Jul 13, 2018
An issue has been found in libpng 1.6.34 An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
Libpng
CVE-2018-13785 Jul 09, 2018
In libpng 1.6.34 In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
Libpng
CVE-2016-10087 Jan 30, 2017
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.
Libpng
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.