CVE-2026-25646
Analyzed Analyzed - Analysis Complete
Out-of-Bounds Read in LIBPNG png_set_quantize() Causes Infinite Loop

Publication date: 2026-02-10

Last updated on: 2026-02-13

Assigner: GitHub, Inc.

Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-10
Last Modified
2026-02-13
Generated
2026-05-27
AI Q&A
2026-02-10
EPSS Evaluated
2026-05-25
NVD
CVE-2026-25646
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libpng libpng to 1.6.55 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-126 The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the LIBPNG library, specifically in the png_set_quantize() API function before version 1.6.55. When this function is called without a histogram and the palette contains more than twice the maximum number of colors supported by the user's display, certain valid PNG images can cause the function to enter an infinite loop. This loop results in an out-of-bounds read past the end of an internal heap-allocated buffer.


How can this vulnerability impact me? :

The vulnerability can cause an application using LIBPNG to enter an infinite loop and perform out-of-bounds memory reads. This can lead to application crashes, denial of service, or potentially expose sensitive memory contents depending on the context in which the library is used.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the LIBPNG library to version 1.6.55 or later, where the out-of-bounds read issue in the png_set_quantize() function is fixed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart