libpng security update

2:1.6.40-8.4 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161324...

libpng security update

2:1.6.37-12.4 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161436...

SUSE: Security Advisory (SUSE-SU-2026:1323-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

SUSE-SU-2026:1323-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754...

Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...

LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

...

CVE-2026-33416

CVE-2026-33416 concerns libpng: in versions 1.2.1 through 1.6.55, png_set_tRNS and png_set_PLTE alias a 256-byte and a 768-byte heap buffer between png_struct and png_info, respectively. Freeing via PNG_FREE_TRNS/PNG_FREE_PLTE frees through info_ptr while png_ptr remains dangling, causing potenti...

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

CVE-2026-33416

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

Improper Verification of Cryptographic Signature

Overview github.com/russellhaering/goxmldsig is a XML Digital Signatures implemented in pure Go. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the validateSignature function in the validate.go file. An attacker can bypass integrity...

EUVD-2021-26653

Malware in sbrugna...

The vulnerability of the HarmonyOS operating system, related to pointer aliasing, allows a hacker to trigger a service failure.

The vulnerability of the HarmonyOS operating system is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to trigger a service failure...

The vulnerability of the lzma_stream_decoder_mt() function in the liblzma library, a data compression package for XZ Utils, allows a hacker to cause a service failure.

The vulnerability of the lzmastreamdecodermt function in the liblzma library, a component of the XZ Utils data compression package, involves premature resource release due to pointer aliasing. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

The vulnerability of the iommufdHWPT_nested_alloc() function in the Linux operating system’s IOMMU kernel driver allows a hacker to cause a service failure.

The vulnerability of the iommufdHWPTnestedalloc function in the Linux operating system’s IOMMU support driver is related to pointer aliasing. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the ExecutionContext Drivers in Windows operating systems, which allows attackers to enhance their privileges

The vulnerability of the ExecutionContext Drivers in Windows operating systems is related to pointer aliasing. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of the ovpn-dco driver for Windows operating systems in the OpenVPN virtual private network creation software allows a hacker to induce a service failure.

The vulnerability of the ovpn-dco driver for Windows operating systems in the OpenVPN virtual private network creation software is related to pointer aliasing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the Message Routing component of the access control and remote authentication solution BIG-IP allows a perpetrator to cause a service failure.

The vulnerability of the Message Routing component in the BIG-IP access control and remote authentication solution is related to pointer aliasing errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...