Libpng · Libpng · CVE-2026-25646
**Name of the Vulnerable Software and Affected Versions**
libpng versions prior to 1.6.55
**Description**
libpng is a library used by applications to read, create, and manipulate PNG raster image files. A flaw exists in the `png_set_quantize()` function that can lead to a denial-of-service condition or potentially arbitrary code execution. The issue is triggered when the function is called without a histogram and with a palette that exceeds twice the maximum number of colors supported by the user’s display. The vulnerability stems from an out-of-bounds read within the function, which specially crafted but otherwise valid PNG files can trigger; the function is susceptible to a heap buffer overflow. The issue has been present in the library for approximately 30 years.
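As an added example (not libpng's own code), the following C helper lets an application that cannot upgrade immediately refuse the trigger condition described above before calling into the library. It assumes the version string has the `MAJOR.MINOR.RELEASE` form returned by `png_get_libpng_ver()` and mirrors the `num_palette` and `maximum_colors` arguments of `png_set_quantize()`; it does not link against libpng itself.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Fixed version named in the advisory: libpng 1.6.55. */
#define FIXED_MAJOR   1
#define FIXED_MINOR   6
#define FIXED_RELEASE 55

/* Parse a libpng version string such as "1.6.54" (the form returned by
 * png_get_libpng_ver()) into its three numeric parts. Returns false for
 * anything that does not look like MAJOR.MINOR.RELEASE. */
bool parse_libpng_version(const char *ver, int *major, int *minor, int *release)
{
    if (ver == NULL)
        return false;
    long parts[3];
    const char *p = ver;
    char *end;
    for (int i = 0; i < 3; i++) {
        parts[i] = strtol(p, &end, 10);
        if (end == p || parts[i] < 0)
            return false;            /* missing or negative component */
        if (i < 2) {
            if (*end != '.')
                return false;        /* components must be dot-separated */
            p = end + 1;
        }
    }
    *major = (int)parts[0]; *minor = (int)parts[1]; *release = (int)parts[2];
    return true;
}

/* True when the linked libpng predates the 1.6.55 fix. An unparseable
 * version is treated as vulnerable (fail closed). */
bool libpng_version_is_vulnerable(const char *ver)
{
    int maj, min, rel;
    if (!parse_libpng_version(ver, &maj, &min, &rel))
        return true;
    if (maj != FIXED_MAJOR) return maj < FIXED_MAJOR;
    if (min != FIXED_MINOR) return min < FIXED_MINOR;
    return rel < FIXED_RELEASE;
}

/* Pre-check for a planned png_set_quantize() call: on an unpatched library
 * the call is unsafe when no histogram is supplied and the palette holds
 * more than twice maximum_colors entries (the condition in the advisory). */
bool quantize_call_is_safe(const char *ver, int num_palette,
                           int maximum_colors, bool has_histogram)
{
    bool trigger = !has_histogram && num_palette > 2 * maximum_colors;
    return !(trigger && libpng_version_is_vulnerable(ver));
}
```

Call `quantize_call_is_safe()` with the values you are about to pass to `png_set_quantize()` and skip the quantize step (or supply a histogram) when it returns false.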
**Recommendations**
Installations running versions prior to 1.6.55 should be upgraded to version 1.6.55 or later.