Ubuntu 25.10 libpng Critical DoS Vulnerabilities USN-8251-1 CVE-2026-33416
ubuntu
May 7, 2026
Several security issues were fixed in libpng.
Summary
Several security issues were fixed in libpng.
Software Description:
- libpng1.6: PNG (Portable Network Graphics) file library
Details:
It was discovered that libpng incorrectly handled memory when processing
certain PNG files. If a user or automated system were tricked into opening
a specially crafted PNG file, an attacker could use this issue to cause
libpng to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-33416)
It was discovered that libpng incorrectly handled expanding 8-bit paletted
rows to RGB or RGBA on ARM processors. If a user or automated system were
tricked into opening a specially crafted PNG file, an attacker could use
this issue to cause libpng to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-33636)
It was discovered that libpng incorrectly handled certain setter APIs. An
attacker could possibly use this issue to obtain sensitive information.
(CVE-2026-34757)
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libpng16-16t64 1.6.50-1ubuntu0.5 Ubuntu 24.04 LTS libpng16-16t64 1.6.43-5ubuntu0.6 Ubuntu 22.04 LTS libpng16-16 1.6.37-3ubuntu0.5 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8251-1
CVE-2026-33416, CVE-2026-33636, CVE-2026-34757
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8251-1
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!