Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.

INFO

Published Date :

2026-03-26T16:51:58.289Z

Last Modified :

2026-03-26T18:45:26.631Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33636 vulnerability.

Vendors Products
Pnggroup
  • Libpng
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33636.

URL Resource
https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 cve-icon cve-icon cve-icon
https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-33636 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-33636 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact