CNNVD-202602-1480 Information
CNNVD ID
CNNVD-202602-1480
Related CVE
-
CNNVD Published: 2026-02-10
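Description (translated from Chinese)
libpng is an open-source PNG reference library from The PNG Development Group that supports creating, reading and writing PNG image files. Versions of libpng before 1.6.55 contain a security vulnerability caused by an out-of-bounds read in the png_set_quantize function, which may lead to an infinite loop and a heap buffer out-of-bounds read.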
Description (English)
libpng is the open-source PNG reference library from The PNG Development Group for creating, reading and writing PNG image files. Versions of libpng before 1.6.55 contain a security vulnerability that stems from an out-of-bounds read in the png_set_quantize function, which may lead to an infinite loop and a heap buffer out-of-bounds read.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
The PNG Development Group
Published
2026-02-10
Last Modified
2026-02-24
References
https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
http://www.openwall.com/lists/oss-security/2026/02/09/7
https://access.redhat.com/security/cve/cve-2026-25646
Patch
https://www.libpng.org/pub/png/libpng.html