Security: pnggroup/libpng
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Use-after-free in `png_set_PLTE`, `png_set_tRNS` and `png_set_hIST` leading to corrupted chunk data and potential heap information disclosureGHSA-6fr7-g8h7-v645 published
Apr 8, 2026 by ctrutaModerate -
Out-of-bounds read/write in the palette expansion on ARM NeonGHSA-wjr5-c57x-95m2 published
Mar 25, 2026 by ctrutaHigh -
Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`GHSA-m4pc-p4q3-4c7j published
Mar 25, 2026 by ctrutaHigh -
Heap buffer overflow in `png_set_quantize`GHSA-g8hp-mq4h-rqm3 published
Feb 10, 2026 by ctrutaHigh -
Integer truncation causing heap buffer over-read in `png_image_write_*`GHSA-vgjq-8cw5-ggw8 published
Jan 12, 2026 by ctrutaModerate -
Heap buffer over-read in `png_image_read_direct_scaled` (regression from CVE-2025-65018 fix)GHSA-mmq5-27w3-rxpp published
Jan 12, 2026 by ctrutaModerate -
Out-of-bounds read in `png_image_read_composite`GHSA-9mpm-9pxh-mg4f published
Dec 3, 2025 by ctrutaHigh -
Heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`GHSA-7wv6-48j4-hj3g published
Nov 22, 2025 by ctrutaHigh -
Buffer overflow in `png_image_read_composite` via incorrect palette premultiplicationGHSA-hfc7-ph9c-wcww published
Nov 22, 2025 by ctrutaHigh -
Heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabledGHSA-qpr4-xm66-hww6 published
Nov 22, 2025 by ctrutaModerate
Learn more about advisories related to pnggroup/libpng in the GitHub Advisory Database