It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293) Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695) Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-22801) It was discovered that the libpng simplified API incorrectly handled quantizing RGB images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-25646)