UbuntuUpdates.org

Package "libpng-dev"

Name: libpng-dev

Description:

PNG library - development (version 1.6)

Latest version: 1.6.50-1ubuntu0.5
Release: questing (25.10)
Level: updates
Repository: main
Head package: libpng1.6
Homepage: http://libpng.org/pub/png/libpng.html

Other versions of "libpng-dev" in Questing

Repository  Area  Version
base        main  1.6.50-1
security    main  1.6.50-1ubuntu0.5

Changelog

Version: 1.6.50-1ubuntu0.5 2026-05-07 17:07:53 UTC

  libpng1.6 (1.6.50-1ubuntu0.5) questing-security; urgency=medium

  * SECURITY UPDATE: use-after-free via shared buffers
    - debian/patches/CVE-2026-33416-1.patch: fix: Resolve use-after-free on
      `png_ptr->trans_alpha` in pngread.c, pngrutil.c, pngset.c, pngwrite.c.
    - debian/patches/CVE-2026-33416-2.patch: fix: Resolve use-after-free on
      `png_ptr->palette` in pngread.c, pngrtran.c, pngrutil.c, pngset.c,
      pngwrite.c.
    - debian/patches/CVE-2026-33416-3.patch: fix: Initialize tail bytes in
      `trans_alpha` buffers in pngset.c.
    - debian/patches/CVE-2026-33416-4.patch: fix: Sync `info_ptr->palette` after
      in-place transforms in pngrtran.c.
    - debian/patches/CVE-2026-33416-5.patch: fix: Sync `info_ptr->palette`
      unconditionally after in-place transforms in pngrtran.c.
    - CVE-2026-33416
  * SECURITY UPDATE: out-of-bounds access in ARM palette expansion path
    - debian/patches/CVE-2026-33636.patch: fix(arm): Resolve out-of-bounds
      read/write in NEON palette expansion in arm/palette_neon_intrinsics.c.
    - CVE-2026-33636
  * SECURITY UPDATE: getter-to-setter aliasing issues
    - debian/patches/CVE-2026-34757-1.patch: fix: Handle self-referencing
      pointers in getter-to-setter aliasing in CMakeLists.txt, Makefile.am,
      contrib/libtests/pnggetset.c, pngset.c, tests/pnggetset.
    - debian/patches/CVE-2026-34757-2.patch: fix: Handle getter-to-setter
      aliasing in append-style chunk setters in contrib/libtests/pnggetset.c,
      pngset.c.
    - CVE-2026-34757
  * SECURITY UPDATE: integer overflow in rowbytes computation
    - debian/patches/rowbytes_overflow.patch: fix: Prevent integer overflow in
      rowbytes computation in AUTHORS, pngrtran.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden> Tue, 05 May 2026 14:55:25 -0400

CVE-2026-33416 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versio
CVE-2026-33636 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versio
CVE-2026-34757 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.

Version: 1.6.50-1ubuntu0.4 2026-02-13 01:08:42 UTC

  libpng1.6 (1.6.50-1ubuntu0.4) questing-security; urgency=medium

  * SECURITY UPDATE: OOB read in png_set_quantize()
    - debian/patches/CVE-2026-25646.patch: fix a heap buffer overflow in
      pngrtran.c.
    - CVE-2026-25646

 -- Marc Deslauriers <email address hidden> Wed, 11 Feb 2026 09:23:07 -0500

CVE-2026-25646 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to

Version: 1.6.50-1ubuntu0.3 2026-01-15 00:08:03 UTC

  libpng1.6 (1.6.50-1ubuntu0.3) questing-security; urgency=medium

  * SECURITY UPDATE: OOB in png_image_read_composite
    - debian/patches/CVE-2025-66293-1.patch: validate component size in
      pngread.c.
    - debian/patches/CVE-2025-66293-2.patch: improve fix in pngread.c.
    - CVE-2025-66293
  * SECURITY UPDATE: Heap buffer over-read in png_image_read_direct_scaled
    - debian/patches/CVE-2026-22695.patch: fix memcpy size in pngread.c.
    - CVE-2026-22695
  * SECURITY UPDATE: Integer truncation causing heap buffer over-read
    - debian/patches/CVE-2026-22801.patch: remove incorrect truncation
      casts in CMakeLists.txt, contrib/libtests/pngstest.c, pngwrite.c,
      tests/pngstest-large-stride.
    - CVE-2026-22801

 -- Marc Deslauriers <email address hidden> Mon, 12 Jan 2026 13:10:10 -0500

CVE-2025-66293 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to
CVE-2026-22695 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.
CVE-2026-22801 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.

Version: 1.6.50-1ubuntu0.1 2025-12-11 12:07:46 UTC

  libpng1.6 (1.6.50-1ubuntu0.1) questing-security; urgency=medium

  * SECURITY UPDATE: buffer overflow issue
    - debian/patches/CVE-2025-64505.patch: Fix a buffer overflow in
      png_do_quantize
    - debian/patches/CVE-2025-64506.patch: Fix a heap buffer overflow in
      png_write_image_8bit
    - debian/patches/CVE-2025-64720.patch: Fix a buffer overflow in
      png_init_read_transformations
    - debian/patches/CVE-2025-65018.patch: Fix a heap buffer overflow in
      png_image_finish_read
    - CVE-2025-64505
    - CVE-2025-64506
    - CVE-2025-64720
    - CVE-2025-65018

 -- Nishit Majithia <email address hidden> Tue, 09 Dec 2025 17:38:32 +0530

CVE-2025-64505 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to
CVE-2025-64506 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers
CVE-2025-64720 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers
CVE-2025-65018 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From vers


