CNNVD-202601-1878 Information
CNNVD ID
CNNVD-202601-1878
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
libpng是The PNG Development Group开源的一个可对PNG图形文件实现创建、读写等操作的PNG参考库。 libpng 1.6.51版本至1.6.53版本存在缓冲区错误漏洞,该漏洞源于png_image_finish_read函数存在堆缓冲区过度读取。
Description (English)
Libpng is a PNG reference library for the creation, reading and writing of PNG graphics files from the Open Source of The PNG Development Group. libpng 1.6.51 to 1.6.53 contains an error loophole in the buffer zone, resulting from the overreading of the buffer zone in the png image finish read function.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
The PNG Development Group
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea https://github.com/pnggroup/libpng/commit/e4f7ad4ea2 https://github.com/pnggroup/libpng/issues/778 https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp
Patch
https://github.com/pnggroup/libpng/tags
Share on: