Description
A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-03-08
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap-based buffer overflow leading to local code execution
Action: Upgrade
AI Analysis

Impact

A flaw in libpng’s pnm2png function, specifically the handling of the width/height arguments in contrib/pngminus/pnm2png.c, allows an attacker to trigger a heap-based buffer overflow. The overflow can be exploited locally to overwrite memory in a way that could enable arbitrary code execution on the affected system. The weakness is identified with CWE-119 (Improper Restriction of Operations within the Bounds of a Buffer), CWE-122 (Heap-based Buffer Overflow) and CWE-131 (Incorrect Calculation of Buffer Size).

Affected Systems

The vulnerability affects the pnggroup libpng library up to version 1.6.55. Any deployment that utilizes the pnm2png component, which can be run locally, is subject to this flaw. Versions newer than 1.6.55 are presumed not to contain the issue. No other vendors or products were explicitly listed.

Risk and Exploitability

The CVSS v3.1 score is 4.8, indicating a medium impact if exploited. The EPSS score is less than 1%, suggesting low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Exploits have been published and are available, but they require local execution privileges. Attackers would need to control a local user context to trigger the overflow; elevated privileges would exacerbate the risk by enabling system-wide compromise.

Generated by OpenCVE AI on April 16, 2026 at 04:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libpng to version 1.6.56 or later to eliminate the vulnerability.
  • If an upgrade is not immediately possible, restrict use of the pnm2png utility to non‑privileged accounts or run it within a sandboxed environment to limit the potential impact of local execution.
  • When source code control is available, apply a manual patch that validates width and height inputs before allocating buffer space, thereby preventing the overflow.

Generated by OpenCVE AI on April 16, 2026 at 04:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References
Metrics threat_severity

None

 threat_severity

Moderate

Sun, 08 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow
First Time appeared Libpng
Libpng libpng
Weaknesses CWE-119
CWE-122
CPEs cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Vendors & Products Libpng
Libpng libpng
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Libpng Libpng
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-11T13:43:22.092Z

Reserved: 2026-03-07T10:52:23.533Z

Link: CVE-2026-3713

cve-icon Vulnrichment

Updated: 2026-03-11T13:43:06.161Z

cve-icon NVD

Status : Deferred

Published: 2026-03-08T06:16:11.460

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3713

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-08T06:02:11Z

Links: CVE-2026-3713 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T04:30:13Z

Weaknesses