ByteOS Network

CVE Vulnerability Details :

CVE-2026-3713

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-08 Mar, 2026 | 06:02

Updated At-11 Mar, 2026 | 13:43

▼CVE Numbering Authority (CNA)

pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Products

Vendor

pnggroup

Product

libpng

CPEs

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*

Modules

pnm2png

Versions

Affected

1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.20
1.6.21
1.6.22
1.6.23
1.6.24
1.6.25
1.6.26
1.6.27
1.6.28
1.6.29
1.6.30
1.6.31
1.6.32
1.6.33
1.6.34
1.6.35
1.6.36
1.6.37
1.6.38
1.6.39
1.6.40
1.6.41
1.6.42
1.6.43
1.6.44
1.6.45
1.6.46
1.6.47
1.6.48
1.6.49
1.6.50
1.6.51
1.6.52
1.6.53
1.6.54
1.6.55

Problem Types

Type	CWE ID	Description
CWE	CWE-122	Heap-based Buffer Overflow
CWE	CWE-119	Memory Corruption

Type: CWE

CWE ID: CWE-122

Description: Heap-based Buffer Overflow

Type: CWE

CWE ID: CWE-119

Description: Memory Corruption

Metrics

Version	Base score	Base severity	Vector
4.0	4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.1	5.3	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C
3.0	5.3	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C
2.0	4.3	N/A	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C

Version: 4.0

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C

Version: 3.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C

Version: 2.0

Base score: 4.3

Base severity: N/A

Vector:

AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C

Credits

reporter

biniam (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-03-07 00:00:00
VulDB entry created	2026-03-07 01:00:00
VulDB entry last update	2026-03-07 11:57:28

Event: Advisory disclosed

Date: 2026-03-07 00:00:00

Event: VulDB entry created

Date: 2026-03-07 01:00:00

Event: VulDB entry last update

Date: 2026-03-07 11:57:28

References

Hyperlink	Resource
https://vuldb.com/?id.349658	vdb-entry technical-description
https://vuldb.com/?ctiid.349658	signature permissions-required
https://vuldb.com/?submit.761996	third-party-advisory
https://github.com/pnggroup/libpng/issues/794	issue-tracking
https://github.com/biniamf/pocs/tree/main/pnm2png	exploit
https://github.com/pnggroup/libpng/	product

Hyperlink: https://vuldb.com/?id.349658

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.349658

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.761996

Resource:

third-party-advisory

Hyperlink: https://github.com/pnggroup/libpng/issues/794

Resource:

issue-tracking

Hyperlink: https://github.com/biniamf/pocs/tree/main/pnm2png

Resource:

exploit

Hyperlink: https://github.com/pnggroup/libpng/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References