๐Ÿ” CVE Alert

CVE-2026-25646

HIGH 7.0

LIBPNG has a heap buffer overflow in png_set_quantize

CVSS Score: 7.0
EPSS Score: 0.0%
EPSS Percentile: 0th

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

CWE: CWE-122, CWE-126
Vendor: pnggroup
Product: libpng
Published: Feb 10, 2026
Last Updated: Jun 30, 2026

Affected Versions

pnggroup / libpng
< 1.6.55

References

github.com: https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
github.com: https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
openwall.com: http://www.openwall.com/lists/oss-security/2026/02/09/7
access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-25646
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2438542
security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25646.json
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4756
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7032
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9254
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12274
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7239
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:15087
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14773
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10097
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:17596
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6553
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7243
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3577
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3551
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9686
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6445
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6439
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7035
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6466
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7036
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6467
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7033
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6469
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7034
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6468
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3573
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4222
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3575
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4221
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3574
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3969
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3576
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3968
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3405
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3031
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4728
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4732
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4731
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4730
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4729
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4306
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9255
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8748
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8746
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8747
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:16174
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:9687
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5606
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4501
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6732