Buffer overflow in Pnggroup Libpng
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function…
Vulnerability class: Buffer Overflow
EPSS: 0.001 (23.8th percentile)
Affected products
- Pnggroup Libpng — versions < 1.6.55
Weakness classification (CWE)
References
- https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 (x_refsource_CONFIRM)
- https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88 (x_refsource_MISC)