Known Vulnerabilities for products from Libpng
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libpng".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33636 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raste... | Not Provided | 2026-03-26 | 2026-04-02 |
| CVE-2026-33416 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raste... | Not Provided | 2026-03-26 | 2026-04-02 |
| CVE-2020-35511 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-08-23 | 2023-02-02 |
| CVE-2020-27818 | A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be proces... | 3.3 - LOW | 2020-12-08 | 2023-11-07 |
| CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under pn... | 5.3 - MEDIUM | 2019-02-04 | 2022-05-23 |
| CVE-2019-6129 | ** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third pa... | 6.5 - MEDIUM | 2019-01-11 | 2023-11-07 |
| CVE-2018-14550 | An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the... | 8.8 - HIGH | 2019-07-10 | 2023-03-01 |
| CVE-2018-14048 | An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended err... | 6.5 - MEDIUM | 2018-07-13 | 2022-06-27 |
| CVE-2018-13785 | In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an intege... | 6.5 - MEDIUM | 2018-07-09 | 2022-06-27 |
| CVE-2017-12652 | libpng before 1.6.32 does not properly check the length of chunks against the user limit. | 9.8 - CRITICAL | 2019-07-10 | 2023-11-07 |
| CVE-2016-10087 | The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and ... | 7.5 - HIGH | 2017-01-30 | 2023-11-07 |
| CVE-2016-3751 | Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.... | 7.8 - HIGH | 2016-07-11 | 2016-07-11 |
| CVE-2015-8540 | Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and... | 8.8 - HIGH | 2016-04-14 | 2023-11-07 |
| CVE-2015-8472 | Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.... | 7.3 - HIGH | 2016-01-21 | 2017-11-04 |
| CVE-2015-8126 | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x bef... | 7.5 - HIGH | 2015-11-13 | 2022-05-13 |
| CVE-2015-7981 | The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allo... | 5 - MEDIUM | 2015-11-24 | 2017-07-01 |
| CVE-2015-0973 | Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows conte... | 7.5 - HIGH | 2015-01-18 | 2016-10-20 |
| CVE-2014-9495 | Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 6... | 10 - HIGH | 2015-01-10 | 2016-10-18 |
| CVE-2014-0333 | The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attacke... | 5 - MEDIUM | 2014-02-27 | 2014-03-26 |
| CVE-2013-7354 | Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a craf... | 5 - MEDIUM | 2014-05-06 | 2016-12-31 |