CVE-2026-33636 – libpng Image Processing

CVSS 7.6 IMPORTANT

“A corrupted image file shouldn’t be able to crash or control your system.”

libpng addressed multiple high-severity vulnerabilities affecting how PNG images are processed. CVE-2026-33416 and CVE-2026-33636 both stem from improper memory handling when parsing crafted image data. These issues could allow attackers to trigger crashes or potentially execute arbitrary code by supplying malicious PNG files, impacting applications that rely on libpng for image processing.

CVE-2026-33416 has a CVSS score of 7.5 and CVE-2026-33636 has a CVSS score of 7.6; both are rated High severity. There is no verified evidence of active exploitation or publicly available proof-of-concept code for either vulnerability. The patch improves memory validation and bounds checking to prevent misuse during image parsing.

Key Details

Affected Product: Libpng Libpng
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
CWE Classification: CWE-125