14 old software bugs that took way too long to squash
Summary
Researchers have identified 14 long-dormant software bugs that have persisted for over a decade, with some dating back 30 years. One such vulnerability, in the libpng graphics library (CVE-2026-25646), could allow information disclosure or remote code execution via malformed PNG files and has a CVSS score of 8.3. Many widely used systems and applications still rely on these legacy components and need to be patched.
IFF Assessment
The discovery of long-standing, unpatched vulnerabilities in foundational software components represents a significant risk to defenders, as these flaws can be exploited in systems that have remained vulnerable for years.
Severity
Defender Context
Defenders should be aware that critical software libraries can harbor decades-old vulnerabilities that are only now being discovered. This highlights the importance of comprehensive software composition analysis and a proactive approach to patching, even for seemingly stable components. Organizations must prioritize updating systems that rely on libraries like libpng to mitigate the risk of exploitation.