LIBPNG: PNG reference library / News: Recent posts

libpng-1.6.28 released

libpng-1.6.28 has been released to fix a bug exposed when attempting to build with zlib-1.2.9 or 1.2.10.

Posted by Glenn Randers-Pehrson 2017-01-05

libpng-1.6.27, 1.5.28, 1.4.20, 1.2.57, and 1.0.67 released

New versions released to fix CVE-2016-10087.

Posted by Glenn Randers-Pehrson 2017-01-05

libpng-1.5.26, 1.4.19, 1.2.56, and 1.0.66 released

Libpng-1.5.26, 1.4.19, 1.2.56, and 1.0.66 fix an out-of-range read in png_check_keyword(), CVE-2015-8540.

Posted by Glenn Randers-Pehrson 2015-12-17 Labels: security

libpng-1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65 released

The bugfix of CVE-2015-8126 in the previous versions was incomplete; it defended against malevolent PNG files that are read via png_handle_PLTE but did not detect applications that use png_set_PLTE to set an over-length palette. This set of releases completes the bugfix, fixing CVE-2015-8472.

Posted by Glenn Randers-Pehrson 2015-12-05 Labels: security

libpng-1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64 released

libpng-1.6.19, libpng-1.5.24, libpng-1.2.54, libpng-1.4.17, and libpng-1.0.64 have been released to fix a potential out-of-bounds read in png_set_tIME/png_convert_to_rfc1123 (CVE-2014-9425) and a potential out-of-bounds write in png_get_PLTE/png_set_PLTE (CVE-2015-8126).

Posted by Glenn Randers-Pehrson 2015-11-12 Labels: security

libpng-1.6.18 and 1.5.23 released

libpng-1.6.18 and 1.5.23 were released last week. Due to the outage, they aren't available yet in the SourceForge File Release System. They are, however, available from the glennrp/libpng-releases repository at GitHub. This is a cleanup release that fixes some harmless Coverity defects and removes some unused code.

Posted by Glenn Randers-Pehrson 2015-07-29

libpng-1.6.17 and 1.5.22 released

libpng-1.6.17 and 1.5.22 have been released. They "harden" the library against attacks using very wide images by imposing a default limit of 1 million columns. Users who truly need to process wider images can override this limit.

Posted by Glenn Randers-Pehrson 2015-03-26

libpng-1.7.0beta49 released

libpng-1.7.0beta49 has been released, to test some changes to the filter-selection procedure to use a single "try_row" buffer instead of separate "sub_row, up_row, avg_row, and paeth_row" buffers. Please try it out and report back; if all goes well I'll port it back to libpng15 and libpng16 soon.

Posted by Glenn Randers-Pehrson 2015-02-12

libpng-1.6.16 released

libpng-1.6.16 has been released to fix two potential overflows while reading very wide images.

Posted by Glenn Randers-Pehrson 2014-12-22

libpng-1.6.14 released

libpng-1.6.14 has been released. This is mostly a code cleanup, with a minor bugfix to the iTXt chunk handler.

Posted by Glenn Randers-Pehrson 2014-10-23

libpng-1.6.13 (and libpng-1.5.19) released

libpng-1.6.13 and libpng-1.5.19 have been released. These are simple code-cleanup releases without any security issues or new features.

Posted by Glenn Randers-Pehrson 2014-08-21

libpng-1.6.12 released

libpng-1.6.12 has been released to relocate an out-of-order statement introduced in libpng-1.6.11.

Posted by Glenn Randers-Pehrson 2014-06-12

libpng 1.6.10 released

libpng-1.6.10 avoids an infinite loop while reading a datastream whose first IDAT chunk is of zero-length. This fixes CERT VU#684412 and CVE-2014-0333.

Posted by Glenn Randers-Pehrson 2014-06-04

libpng-1.6.9 released

libpng-1.6.9 is a simple cleanup release.

Posted by Glenn Randers-Pehrson 2014-02-10

Libpng-1.6.8 released

Libpng-1.6.8 has been released. This fixes a potential NULL pointer dereference and is otherwise a simple cleanup release.

Posted by Glenn Randers-Pehrson 2013-12-20

libpng-1.6.7 released

Libpng-1.6.7 adds ARMv8 support and improves/simplifies the unknown chunk handling, and has been made compatible with automake-1.14.

Posted by Glenn Randers-Pehrson 2013-11-24

libpng-1.6.6 released

libpng-1.6.5 did not correct the error it was supposed to fix (two stray lines in arm/arm_init.c). The bad lines are removed from 1.6.6.

Posted by Glenn Randers-Pehrson 2013-09-16

libpng-1.6.5 released

libpng-1.6.5 has been released, to remove two stray lines in arm/arm_init.c that caused libpng to fail to compile when ARM support is enabled.

Posted by Glenn Randers-Pehrson 2013-09-14

libpng-1.6.4 released

libpng-1.6.4 has been released. It has some minor speed and footprint optimizations.

Posted by Glenn Randers-Pehrson 2013-09-12

libpng-1.6.3 released

libpng-1.6.3 has been released. It has improved support for ARM platforms.

Posted by Glenn Randers-Pehrson 2013-07-21

libpng-1.5.17 released

libpng-1.5.17 has been released. There are minor changes, mainly in the ARM support.

Posted by Glenn Randers-Pehrson 2013-07-02

libpng releases with GPG digital signatures

libpng public releases 1.2.50, 1.4.12, 1.5.16, and 1.6.2 now have PGP signatures signed by Glenn Randers-Pehrson. In the FRS they are in libpngNN/libpng.x.y.z/Gnupg, and in the Git repository there are signed tags libpng-1.2.50-signed, libpng-1.4.12-signed, libpng-1.5.16-signed, and libpng-1.6.2-signed. Future public releases (but not beta releases or intermediate Git checkins) will be similarly signed. To verify a release you have downloaded, follow the instructions in Gnupg/libpng-x.y.z-gnupg-README.txt

Posted by Glenn Randers-Pehrson 2013-06-04

libpng-1.6.2 released

libpng-1.6.2 fixes a bug in which libpng-1.6.0 and 1.6.1 would write uncompressed iTXt chunks with the wrong length. An application for fixing such PNGs is supplied in contrib/tools/fixitxt.c.

Posted by Glenn Randers-Pehrson 2013-04-25

libpng-1.6.1 released

libpng-1.6.1 has been released. It is a minor cleanup release. For legacy applications, libpng-1.5.15 has also been released.

Posted by Glenn Randers-Pehrson 2013-03-29

libpng-1.6.0 released

libpng-1.6.0 has been released. This version adds a "simplified API" for reading and writing PNG images.

Posted by Glenn Randers-Pehrson 2013-02-18
