Skip to content


libspng is a C library for reading and writing Portable Network Graphics (PNG) format files with a focus on security and ease of use.

It is licensed under the BSD 2-clause “Simplified” License.


The goal is to provide a fast PNG library with a simpler API than libpng.



Feature libspng libpng stb_image lodepng
Decode from stream
Gamma correction
No known security bugs[1]
Progressive image read
Parses all standard chunks
Doesn’t require zlib ❌*
Encoding ❌*
Animated PNG ❌* ✅**

[1] The project is fuzz tested on OSS-Fuzz and vulnerabilities are fixed before they become public

* Work in progress

** With a 3rd party patch

Getting libspng

Extract and include spng.c/spng.h in your project, you can also build with CMake or Meson.


/* Create a context */
spng_ctx *ctx = spng_ctx_new(0);

/* Set an input buffer */
spng_set_png_buffer(ctx, buf, buf_size);

/* Determine output image size */
spng_decoded_image_size(ctx, SPNG_FMT_RGBA8, &out_size);

/* Decode to 8-bit RGBA */
spng_decode_image(ctx, out, out_size, SPNG_FMT_RGBA8, 0);

/* Free context memory */

See example.c.

Security & Testing

Code is written according to the rules of the CERT C Coding Standard. All integer arithmetic is checked for overflow and all error conditions are handled gracefully.

The library is continuously fuzzed by OSS-Fuzz, releases are scanned with Clang Static Analyzer, PVS-Studio, and Coverity Scan.

The test suite consists of over 700 test cases, 175 test images are decoded with all possible output format and flag combinations and compared against libpng for correctness.


How does it compare to libpng?

See the comparison page.

Will it be drop-in compatible with libpng?

A compatibility layer was considered but it would need a lot of features implemented outside of libspng.

Are there any size limits?

There are no set limits. libspng should be safe to use with images or files of any size, at worst it will run out of memory or encounter an integer overflow, all errors are handled gracefully.

Is libspng threadsafe?

libspng is threadsafe as long as contexts are not shared across threads. It is safe to create multiple contexts on a thread.

Why are some functions returning SPNG_EBADSTATE?

A previous function call encountered an irrecoverable error, most decoding errors are not recoverable. Refer to the documentation on error handling.

How is spng pronounced?

The letters are spelled.