QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-25646

Back to search

CVE-2026-25646

Published: Feb 10, 2026

Modified: Feb 11, 2026

PUBLISHED

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

VendorProductVersions

pnggroup

libpng

affected
< 1.6.55

Weaknesses (CWE)

CWE-122
CWE-126

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now