Threat Intel

v0.1

← CVEs

CVE-2026-33636

HIGH 7.6
Published
2026-03-26
Last Modified
2026-04-02
Affected Apps
11
Affected Devices
44
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.
Affected Applications in Environment 11
libpng v2:1.6.37-12.el9
26 devices
libpng v2:1.6.34-5.el8
3 devices
libpng v2:1.6.40-8.el10_1.2
1 device
libpng v2:1.6.34-5.el8
4 devices
libpng v2:1.6.34-9.el8_10
3 devices
libpng v2:1.6.37-12.el9_7.1
1 device
libpng v2:1.6.34-9.el8_10
1 device
libpng v2:1.6.37-12.el9_7.2
1 device
libpng v2:1.5.13-8.el7
1 device
libpng v2:1.6.37-12.el9_7.2
2 devices
libpng v2:1.6.37-12.el9
1 device
Affected Devices 44
atc.db.usu.edu Linux chela03 Linux chela04 Linux chela05 Linux cleanaddressdev.banner.usu.edu Linux devjobsub.banner.usu.edu Linux dpapsb-161390.aggies.usu.edu Linux dpapsb-191594.mypc.usu.edu Linux el103-02.ece.usu.edu Linux el103-03.ece.usu.edu Linux el103-04.ece.usu.edu Linux el103-05.ece.usu.edu Linux el103-07.ece.usu.edu Linux el103-08.ece.usu.edu Linux el103-09.ece.usu.edu Linux el103-10.ece.usu.edu Linux el103-14.ece.usu.edu Linux el103-15.ece.usu.edu Linux el103-16.ece.usu.edu Linux el103-17.ece.usu.edu Linux el103-18.ece.usu.edu Linux el103-19.ece.usu.edu Linux el103-20.ece.usu.edu Linux el120-01.ece.usu.edu Linux el120-02.ece.usu.edu Linux el120-03.ece.usu.edu Linux el120-04.ece.usu.edu Linux el120-05.ece.usu.edu Linux el120-06.ece.usu.edu Linux el120-08.ece.usu.edu Linux el120-09.ece.usu.edu Linux el120-10.ece.usu.edu Linux el120-11.ece.usu.edu Linux el120-12.ece.usu.edu Linux el120-14.ece.usu.edu Linux eprocdev.banner.usu.edu Linux facreadyprod.pplant.usu.edu Linux facreadytestrhel.pplant.usu.edu Linux facshibsp2.pplant.usu.edu Linux guru.cluster Linux oms.db.usu.edu Linux paymentworksdev.banner.usu.edu Linux thinkstation Linux zldtst.db.usu.edu Linux
References 3