CVE-2026-25646
HIGHlibpng < 1.6.55 - Buffer Over-read in png_set_quantize()
Title source: llmDescription
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
References (3)
Core 3
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
Patch x_refsource_misc
https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88
Scores
CVSS v3
8.1
EPSS
0.0091
EPSS Percentile
55.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-126
CWE-122
Status
published
Products (1)
libpng/libpng
< 1.6.55
Published
Feb 10, 2026
Tracked Since
Feb 18, 2026