libpng — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in libpng, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34757	LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure CWE-416	5.1	Medium	2026-04-09
CVE-2026-33636	LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64 CWE-125	7.6	High	2026-03-26
CVE-2026-33416	LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` CWE-416	7.5	High	2026-03-26
CVE-2026-3713	pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow CWE-122	5.3	Medium	2026-03-08
CVE-2026-25646	LIBPNG has a heap buffer overflow in png_set_quantize CWE-122	7.5	-	2026-02-10
CVE-2026-22801	LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_* CWE-125	6.8	Medium	2026-01-12
CVE-2026-22695	LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix) CWE-125	6.1	Medium	2026-01-12
CVE-2025-66293	LIBPNG has an out-of-bounds read in png_image_read_composite CWE-125	7.1	High	2025-12-03
CVE-2025-65018	LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` CWE-787	7.1	High	2025-11-24
CVE-2025-64720	LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication CWE-125	7.1	High	2025-11-24
CVE-2025-64506	LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images CWE-125	6.1	Medium	2025-11-24
CVE-2025-64505	LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index CWE-125	6.1	Medium	2025-11-24
CVE-2021-4214	libpng 缓冲区错误漏洞 CWE-120	5.7	-	2022-08-24

All 13 known CVE vulnerabilities affecting libpng with full Chinese analysis, references, and POCs where available.