VulnerableCode Package Details - pkg:deb/debian/libpng1.6@1.6.36-6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/libpng1.6@1.6.36-6

Essentials
History (45)

purl	pkg:deb/debian/libpng1.6@1.6.36-6

Next non-vulnerable version	1.6.39-2+deb12u4
Latest non-vulnerable version	1.6.57-1
Risk	4.0

Vulnerabilities affecting this package (12)

Vulnerability	Summary	Fixed by
VCID-2xdm-ndp3-47f4 Aliases: CVE-2018-14048	Improper Handling of Exceptional Conditions An issue has been found in libpng It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.	1.6.37-3 Affected by 14 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-663w-wmsg-zkc5 Aliases: CVE-2018-14550 GHSA-qwwr-qc2p-6283	Out-of-bounds Write An issue has been found in third-party PNM decoding associated with libpng It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.	1.6.37-3 Affected by 14 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7923-9g38-jqc3 Aliases: CVE-2025-65018	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7qam-er5a-gbas Aliases: CVE-2026-22801	libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-dm7h-c7wt-1kbs Aliases: CVE-2026-33416	libpng: libpng: Arbitrary code execution due to use-after-free vulnerability	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-j7dk-wzkm-tfcr Aliases: CVE-2025-66293	libpng: LIBPNG out-of-bounds read in png_image_read_composite	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kwag-k17x-kyaj Aliases: CVE-2025-64505	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-n4kj-urjq-2uav Aliases: CVE-2025-64720	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p6b5-1ba6-b3f8 Aliases: CVE-2025-64506	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ptgq-884e-mkft Aliases: CVE-2026-33636	libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rm7f-ybuf-dyfq Aliases: CVE-2026-22695	libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xyhj-84d1-dqh3 Aliases: CVE-2026-25646	libpng: LIBPNG has a heap buffer overflow in png_set_quantize	1.6.39-2+deb12u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (3)

Vulnerability	Summary	Aliases
VCID-8g2j-rqsk-zqfh	Improper Input Validation libpng does not properly check the length of chunks against the user limit.	CVE-2017-12652
VCID-fx8t-41tv-hkdu	Use After Free png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.	CVE-2019-7317
VCID-q3qv-kycc-eqfw	Divide By Zero In libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.	CVE-2018-13785

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T01:15:17.938061+00:00	Debian Oval Importer	Affected by	VCID-dm7h-c7wt-1kbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T01:14:55.484509+00:00	Debian Oval Importer	Affected by	VCID-ptgq-884e-mkft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T00:02:24.310895+00:00	Debian Oval Importer	Affected by	VCID-2xdm-ndp3-47f4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:41:57.564696+00:00	Debian Oval Importer	Fixing	VCID-fx8t-41tv-hkdu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:21:12.796154+00:00	Debian Oval Importer	Affected by	VCID-j7dk-wzkm-tfcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T21:04:51.365897+00:00	Debian Oval Importer	Affected by	VCID-p6b5-1ba6-b3f8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:20:21.783577+00:00	Debian Oval Importer	Affected by	VCID-7qam-er5a-gbas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:35:41.324261+00:00	Debian Oval Importer	Affected by	VCID-7923-9g38-jqc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:03:40.683726+00:00	Debian Oval Importer	Affected by	VCID-rm7f-ybuf-dyfq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:48:48.101628+00:00	Debian Oval Importer	Fixing	VCID-8g2j-rqsk-zqfh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:00:56.667232+00:00	Debian Oval Importer	Affected by	VCID-n4kj-urjq-2uav	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:16:56.736884+00:00	Debian Oval Importer	Affected by	VCID-xyhj-84d1-dqh3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:07:56.573956+00:00	Debian Oval Importer	Affected by	VCID-kwag-k17x-kyaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:51:03.652777+00:00	Debian Oval Importer	Fixing	VCID-q3qv-kycc-eqfw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:32:08.625396+00:00	Debian Oval Importer	Affected by	VCID-663w-wmsg-zkc5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-12T00:47:06.513480+00:00	Debian Oval Importer	Affected by	VCID-dm7h-c7wt-1kbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-12T00:46:44.331696+00:00	Debian Oval Importer	Affected by	VCID-ptgq-884e-mkft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:36:30.836198+00:00	Debian Oval Importer	Affected by	VCID-2xdm-ndp3-47f4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:16:43.690308+00:00	Debian Oval Importer	Fixing	VCID-fx8t-41tv-hkdu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:58:37.724219+00:00	Debian Oval Importer	Affected by	VCID-j7dk-wzkm-tfcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:44:55.584095+00:00	Debian Oval Importer	Affected by	VCID-p6b5-1ba6-b3f8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:02:02.201636+00:00	Debian Oval Importer	Affected by	VCID-7qam-er5a-gbas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:18:25.186013+00:00	Debian Oval Importer	Affected by	VCID-7923-9g38-jqc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:49:24.020324+00:00	Debian Oval Importer	Affected by	VCID-rm7f-ybuf-dyfq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:34:41.951297+00:00	Debian Oval Importer	Fixing	VCID-8g2j-rqsk-zqfh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:47:32.022331+00:00	Debian Oval Importer	Affected by	VCID-n4kj-urjq-2uav	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:04:16.967650+00:00	Debian Oval Importer	Affected by	VCID-xyhj-84d1-dqh3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:55:26.684116+00:00	Debian Oval Importer	Affected by	VCID-kwag-k17x-kyaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:38:43.158271+00:00	Debian Oval Importer	Fixing	VCID-q3qv-kycc-eqfw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:20:08.457243+00:00	Debian Oval Importer	Affected by	VCID-663w-wmsg-zkc5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-09T00:16:50.694753+00:00	Debian Oval Importer	Affected by	VCID-dm7h-c7wt-1kbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-09T00:16:28.151550+00:00	Debian Oval Importer	Affected by	VCID-ptgq-884e-mkft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T23:09:07.819472+00:00	Debian Oval Importer	Affected by	VCID-2xdm-ndp3-47f4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:50:10.978370+00:00	Debian Oval Importer	Fixing	VCID-fx8t-41tv-hkdu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:35:48.869696+00:00	Debian Oval Importer	Affected by	VCID-j7dk-wzkm-tfcr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:24:46.163476+00:00	Debian Oval Importer	Affected by	VCID-p6b5-1ba6-b3f8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:43:43.713352+00:00	Debian Oval Importer	Affected by	VCID-7qam-er5a-gbas	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:02:13.798515+00:00	Debian Oval Importer	Affected by	VCID-7923-9g38-jqc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:36:36.289157+00:00	Debian Oval Importer	Affected by	VCID-rm7f-ybuf-dyfq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:22:26.796163+00:00	Debian Oval Importer	Fixing	VCID-8g2j-rqsk-zqfh	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:37:47.571456+00:00	Debian Oval Importer	Affected by	VCID-n4kj-urjq-2uav	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:57:05.922517+00:00	Debian Oval Importer	Affected by	VCID-xyhj-84d1-dqh3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:48:40.780331+00:00	Debian Oval Importer	Affected by	VCID-kwag-k17x-kyaj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:32:39.786034+00:00	Debian Oval Importer	Fixing	VCID-q3qv-kycc-eqfw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:14:50.857504+00:00	Debian Oval Importer	Affected by	VCID-663w-wmsg-zkc5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0