PT-2026-23921 · Libpng · Libpng

Biniam

Published

2026-03-08

Updated

2026-03-11

CVE-2026-3713

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions libpng versions up to 1.6.55

Description A heap-based buffer overflow exists in the do pnm2png function within the pnm2png.c file of the pnm2png component. The issue is triggered by manipulating the width and height arguments. Exploitation is restricted to local execution, and an exploit has been published. The project was notified of the issue but has not yet responded.

Recommendations Versions prior to 1.6.55 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-122

Related Identifiers

AZL-79506

AZL-79512

AZL-79515

AZL-79517

AZL-79520

AZL-79523

AZL-79631

AZL-79646

AZL-79652

CVE-2026-3713

ECHO-9E0D-9055-5BF6

RHSA-2026:6732

Affected Products

Libpng

PT-2026-23921 · Libpng · Libpng

CVE-2026-3713

Weakness Enumeration

Related Identifiers

Affected Products

References · 27