7.6

CVE-2026-33636

Medienbericht

LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version >= 1.6.36 < 1.6.56
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.433
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 7.6 2.8 4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
07.07.2026 12:33
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.04.2026 15:19
https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2
Patch
Vendor Advisory
https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869
Patch
https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3
Patch