{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/png/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["libpng","png","oob","CVE-2026-33636","vulnerability","defense-evasion","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-33636 describes an out-of-bounds read and write vulnerability within the LIBPNG library, specifically affecting versions 1.6.36 through 1.6.55. The vulnerability resides in the ARM/AArch64 Neon-optimized palette expansion path. This flaw occurs when expanding 8-bit paletted rows to RGB or RGBA formats. The Neon loop processes a final partial chunk of data without properly validating that sufficient input pixels remain. This lack of validation leads to out-of-bounds memory access during…\u003c/p\u003e\n","date_modified":"2026-03-27T12:00:00Z","date_published":"2026-03-27T12:00:00Z","id":"/briefs/2026-03-libpng-oob-r-w/","summary":"An out-of-bounds read and write vulnerability in LIBPNG's ARM/AArch64 Neon-optimized palette expansion path (CVE-2026-33636) allows attackers to potentially achieve denial-of-service or arbitrary code execution by crafting malicious PNG images.","title":"LIBPNG Out-of-Bounds Read/Write Vulnerability in Neon Optimization (CVE-2026-33636)","url":"https://feed.craftedsignal.io/briefs/2026-03-libpng-oob-r-w/"}],"language":"en","title":"CraftedSignal Threat Feed — Png","version":"https://jsonfeed.org/version/1.1"}