Product

libpng

71 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34757
>= 1.0.9 and < 1.6.57
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
5.1 MEDIUM
CVE-2026-33636
>= 1.6.36 and < 1.6.56
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
7.6 HIGH
CVE-2026-33416
>= 1.2.1 and < 1.6.56
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
7.5 HIGH
CVE-2026-25646
< 1.6.55
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
8.1 HIGH
CVE-2025-28164
>= 1.6.43 and <= 1.6.46
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_str
5.5 MEDIUM
CVE-2025-28162
>= 1.6.43 and <= 1.6.46
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with A
5.5 MEDIUM
CVE-2026-22801
>= 1.6.26 and < 1.6.54
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
6.8 MEDIUM
CVE-2026-22695
>= 1.6.51 and < 1.6.54
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
6.1 MEDIUM
CVE-2025-66293
< 1.6.52
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
7.1 HIGH
CVE-2025-65018
>= 1.6.0 and < 1.6.51
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
7.1 HIGH
CVE-2025-64720
>= 1.6.0 and < 1.6.51
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
7.1 HIGH
CVE-2025-64506
>= 1.6.0 and < 1.6.51
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
6.1 MEDIUM
CVE-2025-64505
< 1.6.51
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster ima
6.1 MEDIUM
CVE-2021-4214
all versions
A heap overflow flaw was found in libpng's pngimage.c program. This flaw allows an attacker with local network access to pass a sp
5.5 MEDIUM
CVE-2020-35511
all versions
A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.
7.8 HIGH
CVE-2020-27818
all versions
A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed b
3.3 LOW
CVE-2017-12652
< 1.6.32
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
9.8 CRITICAL
CVE-2018-14550
all versions
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the func
8.8 HIGH
CVE-2019-7317
>= 1.6.0 and < 1.6.37
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_saf
5.3 MEDIUM
CVE-2019-6129
all versions
png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I do
6.5 MEDIUM
CVE-2018-14048
all versions
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error ha
6.5 MEDIUM
CVE-2018-13785
all versions
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer ove
6.5 MEDIUM
CVE-2016-10087
all versions
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x
7.5 HIGH
CVE-2016-3751
<= 1.6.19
Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, an
7.8 HIGH
CVE-2015-8540
all versions
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.
8.8 HIGH
CVE-2015-8472
all versions
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1
7.3 HIGH
CVE-2015-7981
all versions
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows re
CVE-2015-8126
< 1.0.64
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1
CVE-2015-0973
<= 1.5.20
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-de
8.8 HIGH
CVE-2014-9495
<= 1.5.20
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit
8.8 HIGH
CVE-2013-7354
<= 1.5.13
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted i
6.5 MEDIUM
CVE-2013-7353
<= 1.5.13
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent
6.5 MEDIUM
CVE-2014-0333
all versions
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to
CVE-2013-6954
<= 1.6.8
The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer deref
6.5 MEDIUM
CVE-2012-3425
all versions
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x b
CVE-2011-3464
all versions
Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to
CVE-2011-3048
all versions
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before
CVE-2011-3045
< 1.5.10
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before
8.8 HIGH
CVE-2011-3328
all versions
The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to c
CVE-2009-5063
<= 1.2.38
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to
CVE-2006-7244
<= 1.2.15
Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to caus
CVE-2011-2692
>= 1.0.0 and < 1.0.55
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x befor
8.8 HIGH
CVE-2011-2691
>= 1.0.0 and < 1.0.55
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4
6.5 MEDIUM
CVE-2011-2690
>= 1.0.0 and < 1.0.55
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an ap
8.8 HIGH
CVE-2011-2501
>= 1.0.0 and < 1.0.55
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x bef
6.5 MEDIUM
CVE-2011-0408
all versions
pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execu
CVE-2010-2249
< 1.2.44
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (m
6.5 MEDIUM
CVE-2010-1205
< 1.2.44
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow rem
9.8 CRITICAL
CVE-2010-0205
>= 1.0.0 and < 1.0.53
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does no
CVE-2009-2042
<= 1.2.35
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes l
CVE-2009-0040
< 1.0.43
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows
CVE-2008-6218
all versions
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent a
CVE-2008-5907
< 1.0.42
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attac
CVE-2008-3964
< 1.2.32
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a
CVE-2008-1382
all versions
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause
CVE-2007-5269
<= 1.2.20
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash)
CVE-2007-5268
< 1.0.29
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect compari
CVE-2007-5267
<= 1.2.21
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remot
CVE-2007-5266
<= 1.0.28
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x be
CVE-2007-2445
<= 1.0.15
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a deni
CVE-2006-5793
all versions
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wron
CVE-2006-3334
<= 1.2.11
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to c
CVE-2006-0481
all versions
Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of s
CVE-2004-0599
<= 1.2.5
Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive
CVE-2004-0598
<= 1.2.5
The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash)
CVE-2004-0597
<= 1.2.5
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary c
CVE-2004-0768
all versions
libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitra
CVE-2004-0421
all versions
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malf
CVE-2002-1363
all versions
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attacke
CVE-2002-0728
all versions
Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a deni
CVE-2002-0660
all versions
Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin