Skip to main content

Red Hat EUVD-2026-16269

| CVE-2026-33636 HIGH
Out-of-bounds Read (CWE-125)
2026-03-26 GitHub_M
Buffer Overflow Information Disclosure Red Hat
7.6
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.6 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
SUSE
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Red Hat
7.6 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 17:15 euvd
EUVD-2026-16269
Analysis Generated
Mar 26, 2026 - 17:15 vuln.today
CVE Published
Mar 26, 2026 - 16:51 nvd
HIGH 7.6

DescriptionGitHub Advisory

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.

Articles & Coverage 1

securityonline.info Critical RCE and UAF Flaws in libpng: CVE-2026-33416 and CVE-2026-33636

AnalysisAI

Out-of-bounds read and write in libpng's ARM/AArch64 Neon-optimized palette expansion allows remote attackers to trigger memory corruption, information disclosure, and denial of service when processing malicious PNG files. libpng versions 1.6.36 through 1.6.55 are affected on ARM platforms with Neon optimization enabled. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious PNG with 8-bit palette
Delivery
Load image in vulnerable libpng
Exploit
Trigger Neon palette expansion
Execution
Out-of-bounds read/write in buffer
Impact
Memory corruption and denial of service
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Victim must open or process a crafted PNG image file with 8-bit paletted colors using libpng 1.6.36–1.6.55 on ARM/AArch64 systems with Neon SIMD optimization enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS score of 7.6 reflects network attack vector (AV:N), low complexity (AC:L), no privileges required (PR:N), but requires user interaction (UI:R) to open a malicious PNG file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious PNG file with specific palette configuration designed to trigger the Neon optimization path with a partial final chunk. When a user on an ARM-based Linux system opens this PNG in an image viewer, web browser, or any application using the vulnerable libpng library, the out-of-bounds operations could leak sensitive memory contents from adjacent heap regions or cause application crashes through memory corruption. …
Remediation Upgrade libpng to version 1.6.56 or later, which contains the complete fix per the upstream commits at https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 and https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all systems running libpng 1.6.36-1.6.55 on ARM/AArch64 architectures (inspect container images, embedded devices, and ARM servers); document exposure scope and prioritize internet-facing or data-processing systems. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Debian

Bug #1132013
libpng1.6
Release Status Fixed Version Urgency
bullseye vulnerable 1.6.37-3 -
bullseye (security) vulnerable 1.6.37-3+deb11u2 -
bookworm vulnerable 1.6.39-2+deb12u1 -
bookworm (security) vulnerable 1.6.39-2+deb12u3 -
trixie (security), trixie vulnerable 1.6.48-1+deb13u3 -
forky, sid vulnerable 1.6.55-1 -
(unstable) fixed (unfixed) -

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed

Share

EUVD-2026-16269 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy