CNNVD-202511-2687 Information
CNNVD ID
CNNVD-202511-2687
Related CVE
-
CNNVD Published
2025-11-25
Description
libpng is an open-source PNG reference library from The PNG Development Group that supports creating, reading and writing PNG image files. libpng versions 1.6.0 up to, but not including, 1.6.51 contain a buffer error vulnerability. The vulnerability stems from a heap buffer overflow in the png_image_finish_read function when it processes 16-bit interlaced PNGs, which may lead to an out-of-bounds write.
Hazard Level
Medium
Vulnerability Type
Buffer error
Affected Vendor
The PNG Development Group
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/pnggroup/libpng/pull/757
https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d
https://github.com/pnggroup/libpng/issues/755
https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g
https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea
https://www.oracle.com/security-alerts/cpujan2026.html
Patch
https://github.com/pnggroup/libpng/tags