https://feed.craftedsignal.io/tags/png/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-libpng-oob-r-w/Fri, 27 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-libpng-oob-r-w/An out-of-bounds read and write vulnerability in LIBPNG's ARM/AArch64 Neon-optimized palette expansion path (CVE-2026-33636) allows attackers to potentially achieve denial-of-service or arbitrary code execution by crafting malicious PNG images.<p>CVE-2026-33636 describes an out-of-bounds read and write vulnerability within the LIBPNG library, specifically affecting versions 1.6.36 through 1.6.55. The vulnerability resides in the ARM/AArch64 Neon-optimized palette expansion path. This flaw occurs when expanding 8-bit paletted rows to RGB or RGBA formats. The Neon loop processes a final partial chunk of data without properly validating that sufficient input pixels remain. This lack of validation leads to out-of-bounds memory access during…</p> highadvisorylibpngpngoobCVE-2026-33636vulnerabilitydefense-evasionprivilege-escalation