CNNVD-202511-2690 Information
CNNVD ID
CNNVD-202511-2690
Related CVE
-
CNNVD Published: 2025-11-25
Description (Chinese)
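libpng is an open-source PNG reference library from The PNG Development Group that supports creating, reading and writing PNG image files. Versions of libpng before 1.6.51 contain a buffer error vulnerability. It is caused by a heap buffer out-of-bounds read in the png_do_quantize function when processing malformed PNG files, which can lead to out-of-bounds memory access.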
Description (English)
libpng is an open-source PNG reference library from The PNG Development Group for creating, reading and writing PNG graphics files. Versions of libpng before 1.6.51 have a buffer error vulnerability, which stems from a heap buffer out-of-bounds read when the png_do_quantize function handles malformed PNG files and which could lead to out-of-bounds memory access.
Hazard Level
High
Vulnerability Type
Buffer error
Affected Vendor
The PNG Development Group
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37
https://github.com/pnggroup/libpng/pull/748
https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42
Patch
https://github.com/pnggroup/libpng/tags