CNNVD-202601-4539 Information

CNNVD ID

CNNVD-202601-4539

Related CVE

CVE-2025-28164

• CNNVD Published: 2026-01-27

Description (Chinese)

libpng是The PNG Development Group开源的一个可对PNG图形文件实现创建、读写等操作的PNG参考库。 libpng 1.6.43-1.6.46版本存在安全漏洞，该漏洞源于png_create_read_struct函数存在缓冲区溢出，可能导致本地攻击者造成拒绝服务。

Description (English)

Libpng is a PNG reference library for the creation, reading and writing of PNG graphics files from the Open Source of The PNG Development Group. There is a security loophole in version 1.6png 1.6.43-1.6.46, which stems from the presence of a buffer zone in the png create read struct function, which may lead to denial of services by local attackers.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

The PNG Development Group

Published

2026-01-27

Last Modified

2026-02-24

References

https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20 https://github.com/pnggroup/libpng/issues/655

Patch

https://github.com/pnggroup/libpng/tags