CVE-2026-25646

EUVD-2026-7050

10.02.2026, 18:16

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
libpng	libpng	𝑥 < 1.6.55

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libpng1.6

bookworm	vulnerable
bookworm (security)	1.6.39-2+deb12u3 fixed
bullseye	vulnerable
bullseye (security)	1.6.37-3+deb11u2 fixed
forky	1.6.55-1 fixed
sid	1.6.55-1 fixed
trixie	vulnerable
trixie (security)	1.6.48-1+deb13u3 fixed

Known Exploits!

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Vulnerability Media Exposure

References

https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3

http://www.openwall.com/lists/oss-security/2026/02/09/7

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3