CNNVD-202511-2688 Information
CNNVD ID
CNNVD-202511-2688
Related CVE
- CNNVD Published: 2025-11-25
Description (Chinese)
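libpng is an open-source PNG reference library from The PNG Development Group for creating, reading and writing PNG image files. libpng versions from 1.6.0 up to, but not including, 1.6.51 contain a buffer error vulnerability. It stems from a heap buffer out-of-bounds read in the png_write_image_8bit function when processing 8-bit images, which may lead to out-of-bounds memory access.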
Description (English)
libpng is an open-source PNG reference library from The PNG Development Group for creating, reading and writing PNG image files. libpng versions 1.6.0 through those before 1.6.51 contain a buffer error vulnerability caused by a heap buffer out-of-bounds read in the png_write_image_8bit function when it handles 8-bit images, which could lead to out-of-bounds memory access.
Hazard Level
High
Vulnerability Type
Buffer error
Affected Vendor
The PNG Development Group
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821
https://github.com/pnggroup/libpng/pull/749
https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6
Patch
https://github.com/pnggroup/libpng/tags