CNNVD-202511-2689 Information

CNNVD ID

CNNVD-202511-2689

CVE-2025-64720

  • CNNVD Published: 2025-11-25

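Description (translated from Chinese)

libpng is an open-source PNG reference library from The PNG Development Group that supports creating, reading and writing PNG image files. libpng versions from 1.6.0 up to, but not including, 1.6.51 contain a buffer error vulnerability. The vulnerability stems from an out-of-bounds read in the png_image_read_composite function when it processes palette images, which may lead to a violation of the PNG API specification.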

Description (English)

libpng is the open-source PNG reference library from The PNG Development Group for creating, reading and writing PNG image files. libpng versions 1.6.0 through those before 1.6.51 contain a buffer error vulnerability, which stems from an out-of-bounds read in the png_image_read_composite function when handling palette images and may lead to violations of the PNG API specification.

Hazard Level

Medium

Vulnerability Type

Buffer error

Affected Vendor

The PNG Development Group

Published

2025-11-25

Last Modified

2026-02-24

References

  • https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643
  • https://github.com/pnggroup/libpng/issues/686
  • https://github.com/pnggroup/libpng/pull/751
  • https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww

Patch

https://github.com/pnggroup/libpng/tags
