VulnerableCode Package Details - pkg:deb/debian/libpng1.6@1.6.58-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2xdm-ndp3-47f4	Improper Handling of Exceptional Conditions An issue has been found in libpng It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.	CVE-2018-14048
VCID-3ggs-vja8-r3de	Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.	CVE-2015-0973
VCID-663w-wmsg-zkc5	Out-of-bounds Write An issue has been found in third-party PNM decoding associated with libpng It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.	CVE-2018-14550 GHSA-qwwr-qc2p-6283
VCID-7923-9g38-jqc3	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	CVE-2025-65018
VCID-7qam-er5a-gbas	libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API	CVE-2026-22801
VCID-8g2j-rqsk-zqfh	Improper Input Validation libpng does not properly check the length of chunks against the user limit.	CVE-2017-12652
VCID-9d14-kqac-nbbt	Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.	CVE-2015-8472
VCID-dm7h-c7wt-1kbs	libpng: libpng: Arbitrary code execution due to use-after-free vulnerability	CVE-2026-33416
VCID-fx8t-41tv-hkdu	Use After Free png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.	CVE-2019-7317
VCID-gk2b-sstt-2fgh	libpng: memory leak of png_info struct in pngcp.c	CVE-2019-6129
VCID-h89j-mr17-rua9	Uncontrolled Resource Consumption Multiple integer overflows in libpng rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.	CVE-2013-7354
VCID-j7dk-wzkm-tfcr	libpng: LIBPNG out-of-bounds read in png_image_read_composite	CVE-2025-66293
VCID-kwag-k17x-kyaj	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	CVE-2025-64505
VCID-mxh6-rpb3-tbbq	Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.	CVE-2014-9495
VCID-n4kj-urjq-2uav	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	CVE-2025-64720
VCID-nhbw-6tpy-pbh3	Uncontrolled Resource Consumption The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.	CVE-2014-0333
VCID-p6b5-1ba6-b3f8	Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.	CVE-2025-64506
VCID-ptgq-884e-mkft	libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion	CVE-2026-33636
VCID-q3qv-kycc-eqfw	Divide By Zero In libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.	CVE-2018-13785
VCID-rm7f-ybuf-dyfq	libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read	CVE-2026-22695
VCID-una1-4acn-s3dy	Heap-based Buffer Overflow Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.	CVE-2013-7353
VCID-uxj6-4181-rygt	libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function	CVE-2025-28164
VCID-uxqz-nx2v-6yc5	libpng: libpng: Denial of Service via buffer overflow in pngimage utility	CVE-2025-28162
VCID-xyhj-84d1-dqh3	libpng: LIBPNG has a heap buffer overflow in png_set_quantize	CVE-2026-25646
VCID-zetn-zwnv-u7gf	NULL Pointer Dereference The png_set_text_2 function in libpng allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.	CVE-2016-10087
VCID-zmjn-418h-ebg8		CVE-2026-34757

Vulnerability

Summary

Aliases

VCID-2xdm-ndp3-47f4

Improper Handling of Exceptional Conditions An issue has been found in libpng It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

CVE-2018-14048

VCID-3ggs-vja8-r3de

Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

CVE-2015-0973

VCID-663w-wmsg-zkc5

Out-of-bounds Write An issue has been found in third-party PNM decoding associated with libpng It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.

CVE-2018-14550
GHSA-qwwr-qc2p-6283

VCID-7923-9g38-jqc3

Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

CVE-2025-65018

VCID-7qam-er5a-gbas

libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API

CVE-2026-22801

VCID-8g2j-rqsk-zqfh

Improper Input Validation libpng does not properly check the length of chunks against the user limit.

CVE-2017-12652

VCID-9d14-kqac-nbbt

Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow in the png_set_PLTE function in libpng allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.

CVE-2015-8472

VCID-dm7h-c7wt-1kbs

libpng: libpng: Arbitrary code execution due to use-after-free vulnerability

CVE-2026-33416

VCID-fx8t-41tv-hkdu

Use After Free png_image_free in png.c in libpng has a use-after-free because png_image_free_function is called under png_safe_execute.

CVE-2019-7317

VCID-gk2b-sstt-2fgh

libpng: memory leak of png_info struct in pngcp.c

CVE-2019-6129

VCID-h89j-mr17-rua9

Uncontrolled Resource Consumption Multiple integer overflows in libpng rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

CVE-2013-7354

VCID-j7dk-wzkm-tfcr

libpng: LIBPNG out-of-bounds read in png_image_read_composite

CVE-2025-66293

VCID-kwag-k17x-kyaj

Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

CVE-2025-64505

VCID-mxh6-rpb3-tbbq

Improper Restriction of Operations within the Bounds of a Memory Buffer Heap-based buffer overflow in the png_combine_row function in libpng, when running on systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

CVE-2014-9495

VCID-n4kj-urjq-2uav

Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

CVE-2025-64720

VCID-nhbw-6tpy-pbh3

Uncontrolled Resource Consumption The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.

CVE-2014-0333

VCID-p6b5-1ba6-b3f8

Multiple vulnerabilities have been discovered in libpng, the worst of which could lead to execution of arbitrary code.

CVE-2025-64506

VCID-ptgq-884e-mkft

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

CVE-2026-33636

VCID-q3qv-kycc-eqfw

Divide By Zero In libpng, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

CVE-2018-13785

VCID-rm7f-ybuf-dyfq

libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read

CVE-2026-22695

VCID-una1-4acn-s3dy

Heap-based Buffer Overflow Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

CVE-2013-7353

VCID-uxj6-4181-rygt

libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function

CVE-2025-28164

VCID-uxqz-nx2v-6yc5

libpng: libpng: Denial of Service via buffer overflow in pngimage utility

CVE-2025-28162

VCID-xyhj-84d1-dqh3

libpng: LIBPNG has a heap buffer overflow in png_set_quantize

CVE-2026-25646

VCID-zetn-zwnv-u7gf

NULL Pointer Dereference The png_set_text_2 function in libpng allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.

CVE-2016-10087

VCID-zmjn-418h-ebg8

CVE-2026-34757

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T22:44:18.805820+00:00	Debian Importer	Fixing	VCID-zmjn-418h-ebg8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.758313+00:00	Debian Importer	Fixing	VCID-ptgq-884e-mkft	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.691983+00:00	Debian Importer	Fixing	VCID-dm7h-c7wt-1kbs	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.632640+00:00	Debian Importer	Fixing	VCID-xyhj-84d1-dqh3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.559821+00:00	Debian Importer	Fixing	VCID-7qam-er5a-gbas	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.490064+00:00	Debian Importer	Fixing	VCID-rm7f-ybuf-dyfq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.421323+00:00	Debian Importer	Fixing	VCID-j7dk-wzkm-tfcr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.357427+00:00	Debian Importer	Fixing	VCID-7923-9g38-jqc3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.292760+00:00	Debian Importer	Fixing	VCID-n4kj-urjq-2uav	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.231334+00:00	Debian Importer	Fixing	VCID-p6b5-1ba6-b3f8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.167535+00:00	Debian Importer	Fixing	VCID-kwag-k17x-kyaj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.102697+00:00	Debian Importer	Fixing	VCID-uxj6-4181-rygt	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:18.045453+00:00	Debian Importer	Fixing	VCID-uxqz-nx2v-6yc5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.992556+00:00	Debian Importer	Fixing	VCID-fx8t-41tv-hkdu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.940971+00:00	Debian Importer	Fixing	VCID-gk2b-sstt-2fgh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.889038+00:00	Debian Importer	Fixing	VCID-663w-wmsg-zkc5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.845686+00:00	Debian Importer	Fixing	VCID-2xdm-ndp3-47f4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.798160+00:00	Debian Importer	Fixing	VCID-q3qv-kycc-eqfw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.746447+00:00	Debian Importer	Fixing	VCID-8g2j-rqsk-zqfh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.699696+00:00	Debian Importer	Fixing	VCID-zetn-zwnv-u7gf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.645642+00:00	Debian Importer	Fixing	VCID-9d14-kqac-nbbt	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.593367+00:00	Debian Importer	Fixing	VCID-3ggs-vja8-r3de	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.541753+00:00	Debian Importer	Fixing	VCID-mxh6-rpb3-tbbq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.489958+00:00	Debian Importer	Fixing	VCID-nhbw-6tpy-pbh3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.445502+00:00	Debian Importer	Fixing	VCID-h89j-mr17-rua9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:44:17.401055+00:00	Debian Importer	Fixing	VCID-una1-4acn-s3dy	https://security-tracker.debian.org/tracker/data/json	38.4.0