
Libpng: Critical Buffer Overflow in Local pnm2png Function

CVE-2026-3713
Summary

A critical flaw in pnm2png, a tool in the contrib/pngminus directory of the libpng library, which is used in various software, can be exploited by an attacker with local access: manipulated width/height values cause a heap-based buffer overflow in the do_pnm2png function. This could potentially allow an attacker to execute malicious code. Update libpng to version 1.6.56 or later to fix the issue.

Original title
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation o...
Original description
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
NVD CVSS 2.0: 4.3
NVD CVSS 3.1: 5.3
NVD CVSS 4.0: 4.8
Vulnerability type
CWE-119 Buffer Overflow
CWE-122 Heap-based Buffer Overflow
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026