LIBPNG Memory Safety Vulnerabilities
2026-03-26
Out-of-bounds read and write in libpng's ARM/AArch64 Neon-optimized palette expansion allow remote attackers to trigger memory corruption, information disclosure, and denial of service when a malicious PNG file is processed. libpng versions 1.6.36 through 1.6.55 are affected on ARM platforms with Neon optimization enabled; version 1.6.56 contains the fix. No public exploit was identified at the time of analysis. The SSVC assessment indicates no active exploitation, a non-automatable attack vector, and partial technical impact.
A security vulnerability in versions 1.2.1 (CVSS 7.5). High-severity vulnerability requiring prompt remediation.
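For triage of the Neon palette-expansion issue, the sketch below sorts an asset inventory by the affected range stated above (1.6.36 through 1.6.55, fixed in 1.6.56) and by CPU architecture. It is an added example, not code from the advisory or from libpng; the host names, status labels and inventory layout are constructed, and machine strings are assumed to be in `uname -m` form.

```python
import re

AFFECTED_MIN = (1, 6, 36)  # first affected release, per the advisory
FIXED = (1, 6, 56)         # first fixed release, per the advisory
ARM_MACHINE = re.compile(r"^(aarch64|arm64|arm)", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch) from e.g. '1.6.43-5build1' or '2:1.6.40-3'."""
    m = re.match(r"\s*(?:\d+:)?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(version_text, machine):
    """Map one (libpng version, machine) pair to a triage status (labels are ours)."""
    version = parse_version(version_text)
    if version is None:
        return "unknown-version"
    # Compare as integer tuples: as strings, '1.6.9' would sort after '1.6.36'.
    if not (AFFECTED_MIN <= version < FIXED):
        return "version-not-affected"
    if not ARM_MACHINE.match(machine):
        return "affected-version-non-arm"
    # Version and architecture alone cannot show whether the Neon code path
    # was compiled in, so these hosts need a build-configuration check.
    return "review-neon-build"

def triage(inventory):
    """inventory: iterable of (host, libpng_version, machine) tuples."""
    return {host: classify(ver, mach) for host, ver, mach in inventory}

# Constructed sample inventory (hypothetical hosts and package strings).
SAMPLE = [
    ("edge-gw-01", "1.6.43-5build1", "aarch64"),
    ("build-x86", "2:1.6.40-3", "x86_64"),
    ("kiosk-07", "1.6.56", "armv7l"),
    ("legacy-02", "1.6.35", "arm64"),
    ("old-arm", "1.6.9", "armv7l"),
    ("cam-11", "1.6.55", "aarch64"),
    ("mystery", "unknown", "aarch64"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {status}")
```

A distribution package can carry a backported fix without changing its upstream version number, so a `review-neon-build` result should also be checked against the vendor's own advisory.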