Libpng

Products by Libpng, sorted by most security vulnerabilities since 2018

Libpng: 33 vulnerabilities
Libpng Pngcheck: 2 vulnerabilities

By the Year

In 2026 there have been 4 vulnerabilities in Libpng with an average score of 5.4 out of ten. Last year, in 2025, Libpng had 5 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Libpng in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 1.27.

Year  Vulnerabilities  Average Score
2026  4                5.43
2025  5                6.70
2024  0                0.00
2023  0                0.00
2022  2                6.65
2021  0                0.00
2020  1                3.30
2019  4                7.20
2018  2                0.00

It may take a day or so for new Libpng vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Libpng Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-3713 Mar 08, 2026
Local Heap Buffer Overflow in libpng <=1.6.55 pnm2png A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. Manipulation of the argument width/height causes a heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Libpng
CVE-2026-25646 Feb 10, 2026
LibPNG 1.6.55-Pre: OOB Read in png_set_quantize() with no histogram leads to infinite loop LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
Libpng
CVE-2025-28164 Jan 27, 2026
DoS via Buffer Overflow in libpng 1.6.43-1.6.46 (png_create_read_struct()) Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the png_create_read_struct() function.
Libpng
CVE-2025-28162 Jan 27, 2026
Buffer Overflow in libpng 1.6.43-1.6.46 (PNGIMAGE) Local DoS Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage utility. When built with AddressSanitizer (ASan), the program is observed to leak memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive.
Libpng
CVE-2025-66293 Dec 03, 2025
libpng OOB Read in simplified API before 1.6.52 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
Libpng
CVE-2025-65018 Nov 24, 2025
libpng 1.6.0-1.6.50 Heap Buffer Overflow in png_image_finish_read LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
Libpng
CVE-2025-64720 Nov 24, 2025
libpng 1.6.0-1.6.51 OOB Read in png_image_read_composite LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
Libpng
CVE-2025-64506 Nov 24, 2025
Heap over-read in libpng png_write_image_8bit pre-1.6.51 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.
Libpng
CVE-2025-64505 Nov 24, 2025
Libpng <1.6.51 Heap Over-read via png_do_quantize on Malformed Palette LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
Libpng
CVE-2021-4214 Aug 24, 2022
Heap Overflow in libpng's pngimage Utility Causes DoS A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing the application to crash and leading to a denial of service.
Libpng
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).