CVE-2026-3713
PUBLISHED
CVSS 4.8 MEDIUM
A flaw has been found in pnggroup libpng up to 1.6.55. It affects the function do_pnm2png in the file contrib/pngminus/pnm2png.c of the pnm2png component. Manipulating the width/height arguments causes a heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
EPSS 0.02% · 5.7th percentile
Risk Scores
CVSS v4.0
4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
EPSS Score
0.02%
5.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pnggroup | libpng | 1.6.7, 1.6.0, 1.6.1 |
Timeline
- Mar 8, 2026 EPSS Score
- Mar 8, 2026 PoC Published
- Mar 8, 2026 CVE Published
- Mar 9, 2026 EPSS Score
- Mar 10, 2026 EPSS Score
- Mar 11, 2026 EPSS Score
- Mar 11, 2026 CVE Updated
- Mar 12, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 14, 2026 Coalition ESS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
References
- VDB-349658 | pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow vdb
- VDB-349658 | CTI Indicators (IOB, IOC, IOA) url
- Submit #761996 | libpng pnm2png 1.8.0 Integer Overflow to Buffer Overflow third-party-advisory
- https://github.com/pnggroup/libpng/issues/794 issue
- https://github.com/biniamf/pocs/tree/main/pnm2png exploit
- https://github.com/pnggroup/libpng/ url
- https://nvd.nist.gov/vuln/detail/CVE-2026-3713 advisory