
Researchers unearth 30-year-old vulnerability in libpng library
Developers have resolved a legacy flaw in the widely used libpng open-source library that had existed since the software was released nearly 30 years ago. The heap buffer overflow in libpng would cause applications on unpatched systems to crash when presented with maliciously crafted PNG graphic images. In worst-case scenarios, the CVE-2026-25646 vulnerability could be abused to extract information or trigger remote code execution. The most serious repercussions of the flaw would be possible only if preceded by careful heap grooming by a potential attacker, so exploitation is far from trivial. Images capable of exploiting the vulnerability would still need to be valid PNG files. The v...