Critical libpng Vulnerabilities Affecting Multiple Ubuntu Releases

Severity: High (Score: 74.0)

Sources: Ubuntu, Linuxsecurity

Summary

On May 7, 2026, Ubuntu published USN-8251-1, addressing several critical vulnerabilities in libpng, affecting Ubuntu 25.10, 24.04 LTS, and 22.04 LTS. The vulnerabilities include improper memory handling when processing specially crafted PNG files, which could lead to denial of service or arbitrary code execution (CVE-2026-33416, CVE-2026-33636). Additionally, a flaw in certain setter APIs could potentially expose sensitive information (CVE-2026-34757). Users and automated systems are at risk if they open malicious PNG files. The vulnerabilities were disclosed on March 26, 2026, and April 9, 2026, respectively. Affected users are advised to update their systems to the latest package versions to mitigate these risks.

Key Points:

  • Critical vulnerabilities in libpng could lead to denial of service or arbitrary code execution.
  • Affected Ubuntu versions include 25.10, 24.04 LTS, and 22.04 LTS.
  • Users are urged to update their systems to the latest libpng package versions immediately.

Key Entities

  • DDoS (attack_type)
  • Zero-day Exploit (attack_type)
  • CVE-2026-33416 (cve)
  • CVE-2026-33636 (cve)
  • CVE-2026-34757 (cve)
  • CWE-119 - Improper Restriction of Operations Within Memory Buffer (cwe)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • CWE-122 - Heap-based Buffer Overflow (cwe)
  • T1204.002 - Malicious File (mitre_attack)
  • T1204 - User Execution (mitre_attack)
  • Ubuntu (company)