SecAlerts
CVE ListPricingSign Up
libpng logo

libpng

Security Risk Profile

39
/100
low

Security Risk Score

Comprehensive risk assessment based on 93 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from April 19, 2004 to present

93
Total CVEs
30
Critical+High
0
Exploited
10
Unpatched

Threat Assessment

Avg CVSS
5.9
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
10
Critical/High
Risk Level
39/100
low
📈 2 in Last 30 Days

Severity Distribution

Critical
3
High
27
Medium
46
Low
6

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
3

Age Distribution

Common Weaknesses (CWE)

1
Buffer Overflow
23
2
Integer Overflow
7
3
Use After Free
5
4
Null Pointer Dereference
5
5
Input Validation
3

Most Affected Products

1. libpng LIBPNG2614
2. Canonical Ubuntu Linux52
3. redhat/java42
4. Debian Debian Linux32
5. Fedoraproject Fedora24

Recent Vulnerabilities

See more →
CVE-2026-40930
CVSS 5.4medium

LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

5/15/2026🔧 No Patch
https://seclists.org/oss-sec/2026/q2/548
unknown

libpng-apng: Chunk-smuggling vulnerability in push-mode APNG parser: CVE-2026-40930

5/15/2026🔧 No Patch
CVE-2026-34757
CVSS 5.1medium

LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure

4/9/2026
https://seclists.org/oss-sec/2026/q2/55
unknown

libpng 1.6.57: Use-after-fe vulnerability fixed: CVE-2026-34757

4/8/2026🔧 No Patch
REDHAT-BUG-2451819
CVSS 4.0medium
3/26/2026🔧 No Patch
REDHAT-BUG-2451805
CVSS 4.0medium
3/26/2026🔧 No Patch
CVE-2026-33416
CVSS 7.5high

LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

3/26/2026
CVE-2026-33636
CVSS 7.6high

LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64

3/26/2026
https://seclists.org/oss-sec/2026/q1/387
unknown

libpng 1.6.56: Two high-severity vulnerabilities fixed: CVE-2026-33416, CVE-2026-33636

3/25/2026🔧 No Patch
REDHAT-BUG-2438542
CVSS 7.0high
2/10/2026🔧 No Patch

Monitor libpng in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.