Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

pnggroup — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting pnggroup. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PNGGroup develops enterprise software solutions with a primary focus on document management and workflow automation systems. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for their 12 recorded CVEs. Notable security characteristics include insufficient input validation and inadequate access controls in several components. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their software suggests a need for improved secure coding practices and more rigorous vulnerability management across their product portfolio.

Top products by pnggroup: libpng
CVE IDTitleCVSSSeverityPublished
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure — libpngCWE-416 5.1 Medium2026-04-09
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64 — libpngCWE-125 7.6 High2026-03-26
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` — libpngCWE-416 7.5 High2026-03-26
CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow — libpngCWE-122 5.3 Medium2026-03-08
CVE-2026-25646 LIBPNG has a heap buffer overflow in png_set_quantize — libpngCWE-122 7.5 -2026-02-10
CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_* — libpngCWE-125 6.8 Medium2026-01-12
CVE-2026-22695 LIBPNG has a heap buffer over-read in png_image_read_direct_scaled (regression from CVE-2025-65018 fix) — libpngCWE-125 6.1 Medium2026-01-12
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite — libpngCWE-125 7.1 High2025-12-03
CVE-2025-65018 LIBPNG is vulnerable to a heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` — libpngCWE-787 7.1 High2025-11-24
CVE-2025-64720 LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication — libpngCWE-125 7.1 High2025-11-24
CVE-2025-64506 LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images — libpngCWE-125 6.1 Medium2025-11-24
CVE-2025-64505 LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index — libpngCWE-125 6.1 Medium2025-11-24

This page lists every published CVE security advisory associated with pnggroup. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.