Skip to main content

Libpng CVE-2026-25646

HIGH
Heap-based Buffer Overflow (CWE-122)
2026-02-10 security-advisories@github.com
Buffer Overflow Denial Of Service Libpng Red Hat Suse
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
7.0 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
PoC Detected
Feb 13, 2026 - 20:43 vuln.today
Public exploit code
Patch released
Feb 13, 2026 - 20:43 nvd
Patch available
CVE Published
Feb 10, 2026 - 18:16 nvd
HIGH 8.1

DescriptionGitHub Advisory

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

AnalysisAI

Out-of-bounds heap buffer reads in libpng versions prior to 1.6.55 can be triggered through the png_set_quantize() function when processing specially crafted PNG images with specific palette configurations, potentially causing denial of service or information disclosure. Public exploit code exists for this vulnerability, affecting applications that use libpng to process untrusted PNG files. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious PNG with palette exceeding twice display colors
Exploit
Application calls png_set_quantize() without histogram
Execution
Out-of-bounds read from heap buffer
Impact
Memory disclosure and potential code execution
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Application must call png_set_quantize() API with no histogram parameter on a PNG file containing a palette with colors exceeding twice the maximum supported by the display. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 8.1 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker could exploit this vulnerability to compromise the affected system.
Remediation A vendor patch is available — apply it immediately. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Inventory all systems and applications using libpng; prioritize production environments and customer-facing services. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container private-registry/harbor-portal:1.1.1-1.28 Container suse/manager/5.0/x86_64/server-attestation:latest Container suse/manager/5.0/x86_64/server:latest Container suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.2.8.15.2 Container suse/multi-linux-manager/5.1/x86_64/server:5.1.2.8.13.2 Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-EC2 Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-GCE-3P Image SLES15-SP7-HPC-BYOS-EC2 Image server-attestation-image Image server-image Affected
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.57 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.96 Image SL-Micro Affected
Container suse/sl-micro/6.0/toolbox:latest Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.27 Image SL-Micro-Base Image SL-Micro-Base-RT Image SL-Micro-Base-RT-SelfInstall Image SL-Micro-Base-RT-encrypted Image SL-Micro-Base-SelfInstall Image SL-Micro-Base-encrypted Image SL-Micro-Base-qcow Image SL-Micro-Default Image SL-Micro-Default-SelfInstall Image SL-Micro-Default-encrypted Image SL-Micro-Default-qcow Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected

Share

CVE-2026-25646 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy