Bug 2438542 (CVE-2026-25646) - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize
Summary: CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize
Keywords:
Status: NEW
Alias: CVE-2026-25646
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2438653 2438654 2438656 2438657 2438659 2438660 2438661 2438662 2438664 2438665 2438666 2438667 2438668 2438669 2438670 2438671 2438672 2438674 2438675 2438676 2438677 2438678 2438679 2438680 2438681 2438682 2438683 2438684 2438686 2438655 2438658 2438663 2438673 2438685
Blocks:
Reported: 2026-02-10 18:01 UTC by OSIDB Bzimport
Modified: 2026-02-10 20:02 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-02-10 18:01:50 UTC
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

