Security News

Cybersecurity news aggregator

Tags: HIGH, Vulnerabilities, Web Discovery

Source: libpng.org

A high-severity heap buffer overflow vulnerability (CVE-2026-25

libpng

libpng is the official PNG reference library. It supports almost all PNG features, is extensible, and has been extensively tested for over 30 years. The home site for development versions (i.e., may be buggy or subject to change or include experimental features) is https://libpng.sourceforge.io/, and the place to go for questions about the library is the png-mng-implement mailing list.

libpng is available as ANSI C (C89) source code and requires zlib 1.0.4 or later (1.2.13 or later recommended for performance and security reasons).

The current public release, libpng 1.6.55, has another security fix (as noted immediately below), so upgrading is, once again, recommended.

Vulnerability Warning

All libpng releases through 1.6.54 have a recently discovered security vulnerability:

CVE-2026-25646 (high severity): Heap buffer overflow in the low-level API function png_set_quantize() (and its predecessor png_set_dither()) when called with no histogram and a palette larger than twice the requested maximum number of colors. This latent bug has existed for three decades, since at least the 0.90 beta (but probably 0.88 or 0.89). This vulnerability is fixed in version 1.6.55, released on 9 February 2026. Note that it affects valid, conformant PNG images (though only in applications that reduce the number of colors, which is extremely rare these days).

Portability Note

The libpng 1.6.x series continues the evolution of the libpng API, finally hiding the contents of the venerable and hoary png_struct and png_info data structures inside private (i.e., non-installed) header files. Instead of direct struct access, applications should be using the various png_get_xxx() and png_set_xxx() accessor functions, which have existed for almost as long as libpng itself.

libpng 2.0.x (formerly 1.8.x) has been under development for some time now and is planned to be the next release (as of July 2025).
As promised, it eliminates some long-deprecated APIs and "features" and will require a C99 compiler or later, breaking compatibility with very old apps. It also adds support for APNG and other PNG-3 features.

The portability notice should not come as a particular surprise to anyone who has added libpng support to an application this millennium; the manual has warned of it since at least July 2000. (Specifically: "Starting with version 2.0.0, both structures are going to be hidden, and the contents of the structures will only be accessible through the png_get/png_set functions." OK, so the version number was off a bit...and the grammar, too, but who's counting?)

The 1.5.x and later series also include a new, more thorough test program (pngvalid.c) and a new pnglibconf.h header file that tracks what features were enabled or disabled when libpng was built. On the other hand, they no longer internally include the zlib.h header file, so applications that formerly depended on png.h to provide that will need to include it explicitly. Complete differences relative to libpng 1.4.x are detailed here.

See the bottom of this page for warnings about security and crash bugs in versions up through libpng 1.6.36.

In addition to the main library sources, all of the 1.2.x/1.4.x/1.5.x/1.6.x/1.7.x series include the rpng, rpng2 and wpng demo programs, the pngminus demo program, a subset of Willem van Schaik's PngSuite test images, and Willem's VisualPng demo program.

Current version: 1.6.55
Authors: Guy Eric Schalnat, Andreas Dilger, John Bowler, Glenn Randers-Pehrson, Cosmin Truta (current maintainer), and others
License: Open Source
Platforms: Unix, DOS, OS/2, Windows, Mac OS, BeOS, Amiga, etc.
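The following C program is an added example, not libpng's own code and not part of the advisory above. It turns the Vulnerability Warning into a pre-call guard for applications that reduce colors: it parses a libpng version string (for instance the output of pkg-config --modversion libpng, or PNG_LIBPNG_VER_STRING) into libpng's numeric XYYZZ form, treats every release through 1.6.54 as affected, and refuses a png_set_quantize()/png_set_dither() call whose arguments match the trigger the advisory describes (no histogram and a palette larger than twice the requested maximum number of colors) on such a version. Assumptions that are not stated on this page: the XYYZZ encoding itself (1.6.55 is 10655, the value png_access_version_number() returns at run time), the png_set_quantize() prototype from png.h, and the HAVE_LIBPNG build flag, which is hypothetical and only gates the portion that links against libpng; the function names are the example's own.

```c
/* Added example, not libpng code: a pre-call guard that encodes the
 * CVE-2026-25646 advisory text so a color-reducing application can refuse
 * the affected png_set_quantize()/png_set_dither() call on an unpatched
 * libpng. Assumptions (not from the page): libpng's numeric XYYZZ version
 * encoding (1.6.55 -> 10655, as returned by png_access_version_number()),
 * the png_set_quantize() prototype from png.h, and the HAVE_LIBPNG macro,
 * which is hypothetical and only gates the part that needs -lpng. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define LIBPNG_VER_FIXED 10655u   /* 1.6.55 (9 Feb 2026) fixes CVE-2026-25646 */

/* Parse an "X.Y.Z" version string (e.g. from `pkg-config --modversion libpng`
 * or PNG_LIBPNG_VER_STRING) into libpng's XYYZZ number; returns 0 if malformed.
 * Anything after the third number (e.g. ".git") is ignored. */
unsigned parse_libpng_version(const char *s)
{
    char *end;
    unsigned long x, y, z;

    x = strtoul(s, &end, 10);
    if (end == s || *end != '.') return 0;
    s = end + 1;
    y = strtoul(s, &end, 10);
    if (end == s || *end != '.') return 0;
    s = end + 1;
    z = strtoul(s, &end, 10);
    if (end == s || y > 99 || z > 99) return 0;
    return (unsigned)(x * 10000 + y * 100 + z);
}

/* All releases through 1.6.54 are affected, per the advisory. */
int libpng_has_cve_2026_25646(unsigned ver)
{
    return ver != 0 && ver < LIBPNG_VER_FIXED;
}

/* The argument combination the advisory names as reaching the heap overflow:
 * no histogram and a palette larger than twice the requested maximum colors. */
int quantize_args_hit_bug(int num_palette, int maximum_colors,
                          const unsigned short *histogram)
{
    return histogram == NULL && num_palette > 2 * maximum_colors;
}

/* 1 = the call may proceed, 0 = refuse it (unpatched library + triggering args). */
int quantize_call_allowed(unsigned ver, int num_palette, int maximum_colors,
                          const unsigned short *histogram)
{
    if (!libpng_has_cve_2026_25646(ver))
        return 1;
    return !quantize_args_hit_bug(num_palette, maximum_colors, histogram);
}

#ifdef HAVE_LIBPNG   /* hypothetical build flag; this part needs png.h and -lpng */
#include <png.h>
/* Where the guard sits in a reader that reduces colors. png_set_quantize()
 * takes (png_ptr, palette, num_palette, maximum_colors, histogram, full_quantize). */
int reduce_colors(png_structp png_ptr, png_colorp palette, int num_palette,
                  int maximum_colors, png_const_uint_16p histogram)
{
    unsigned ver = (unsigned)png_access_version_number();   /* run-time library version */
    if (!quantize_call_allowed(ver, num_palette, maximum_colors, histogram))
        return 0;   /* upgrade libpng to 1.6.55+, or change the request; do not call */
    png_set_quantize(png_ptr, palette, num_palette, maximum_colors, histogram, 1);
    return 1;
}
#endif

int main(void)
{
    /* Constructed scenario: a 256-entry PLTE reduced to 64 colors. */
    unsigned short histogram[256] = {0};   /* constructed, all-zero usage counts */
    unsigned old_ver = parse_libpng_version("1.6.54");
    unsigned new_ver = parse_libpng_version("1.6.55");

    printf("1.6.54, 256 -> 64,  no histogram: %s\n",
           quantize_call_allowed(old_ver, 256, 64, NULL) ? "allowed" : "REFUSED");
    printf("1.6.54, 256 -> 64,  histogram:    %s\n",
           quantize_call_allowed(old_ver, 256, 64, histogram) ? "allowed" : "REFUSED");
    printf("1.6.54, 256 -> 128, no histogram: %s\n",
           quantize_call_allowed(old_ver, 256, 128, NULL) ? "allowed" : "REFUSED");
    printf("1.6.55, 256 -> 64,  no histogram: %s\n",
           quantize_call_allowed(new_ver, 256, 64, NULL) ? "allowed" : "REFUSED");
    return 0;
}
```

Build with cc -o guard guard.c; adding -DHAVE_LIBPNG and -lpng also compiles the reduce_colors() wrapper. The guard is a stopgap for applications pinned to an older library, not a substitute for upgrading to 1.6.55; because the advisory says the bug is reachable with valid, conformant images, the check belongs at the call site rather than in input validation.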
README: local web site
  http://www.libpng.org/pub/png/src/
  http://prdownloads.sourceforge.net/libpng/
Manual: plain text format; PDF format (version 1.4.0 [Jan 2010], courtesy of Alex Yau)
Mailing list: png-mng-implement
Source code: sourceforge.net

Archive sizes (bytes):
  .tar.xz   1064676
  .tar.gz   1573592
  .zip      1863047

SHA-256 checksums:
  4b0abab6d219e95690ebe4db7fc9aa95f4006c83baaa022373c0c8442271283d  libpng-1.6.55.tar.gz
  d925722864837ad5ae2a82070d4b2e0603dc72af44bd457c3962298258b8e82d  libpng-1.6.55.tar.xz
  aa45ef52ff7a4e61f34af866b3254b0b243ddc42fe2adb823b0843d2a57c2e86  lpng1655.zip

Beta code: https://libpng.sourceforge.io/
git repository:
  access: git://git.code.sf.net/p/libpng/code
  browse: https://sourceforge.net/p/libpng/code/ci/libpng16/tree/

Current binaries (these are "unofficial" binaries compiled by third parties):
  operating system     platform        version
  Linux (.txz)         x86             1.6.55
  Linux (.txz)         x86_64          1.6.55
  Linux (.deb)         many            1.6.55

Older binaries (at time of update; also "unofficial" binaries compiled by third parties):
  operating system     platform        version
  HP-UX                PA-RISC, IA64   1.6.54
  Linux (.rpm) (dev)   many            1.6.53
  Mac OS X             x86, PowerPC    1.6.54

Supporting libraries and tools: zlib; XZ (needed only to decompress the tar.xz source archive)

Security and Crash Bugs in Older Versions

Vulnerability Warning

libpng versions 1.6.26 t
