CVE-2026-25646 – libpng Memory Corruption Vulnerability
“A crafted image file could trigger memory corruption and allow attackers to execute code on affected systems.”
This patch addresses a high-severity vulnerability (CVE-2026-25646) affecting libpng, a widely used library for processing PNG image files in many applications and operating systems. The issue stems from improper memory handling when parsing specially crafted PNG image data.
An attacker could exploit this weakness by delivering a malicious PNG image to a vulnerable application that uses libpng. When the image is processed, it can trigger memory corruption that may lead to arbitrary code execution or application crashes. CVE-2026-25646 carries a CVSS v3.1 score of 8.3 (High).
Updates to libpng correct the memory handling flaw and strengthen validation of image data during parsing. Applications that rely on vulnerable versions of libpng remain exposed until they are rebuilt or updated with the patched library.
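Because statically linked or bundled copies of libpng stay vulnerable until the application itself is rebuilt, an inventory of embedded copies is a useful first step. The following is an added example, not code from the libpng project or this advisory: it scans a directory tree for libpng's compiled-in version banner and lists files older than a caller-supplied fixed version. The function names, the sample tree and the threshold `(99, 0, 0)` are constructed placeholders, and the scan assumes the banner string has not been removed from the build.

```python
import re
import tempfile
from pathlib import Path

# Version banner libpng compiles into its string table, e.g. "libpng version 1.2.3".
# Assumption: the build has not removed or altered this string.
BANNER = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")


def embedded_libpng_versions(data):
    """Return the set of (major, minor, patch) banners found in a binary blob."""
    return {tuple(int(part) for part in m.groups()) for m in BANNER.finditer(data)}


def audit_tree(root, fixed_version):
    """List (relative path, version) for files embedding an older libpng."""
    # fixed_version: take it from the vendor advisory; this page does not state it.
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: nothing to report
        for version in sorted(embedded_libpng_versions(data)):
            if version < fixed_version:
                findings.append((path.relative_to(root).as_posix(), version))
    return findings


def demo():
    """Audit a constructed tree; versions and threshold are placeholders."""
    placeholder_fixed = (99, 0, 0)  # NOT the real fixed release
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "bin/viewer": b"\x7fELF\x00libpng version 1.2.3 - constructed\n\x00",
            "lib/libpng.so": b"\x7fELF\x00libpng version 99.0.0 - constructed\x00",
            "share/readme.txt": b"no image library in here",
        }
        for name, blob in samples.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(blob)
        return audit_tree(root, placeholder_fixed)


if __name__ == "__main__":
    print(demo())
```

A file with no banner is not proof that libpng is absent, so treat an empty result as a starting point and confirm against package and build manifests.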
Key Details
- Affected Product: Libpng Libpng
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-122