CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

CVE-2026-40930

CVE-2026-40930 concerns LIBPNG (v1.8.0) where three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC. This allows attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk heade...

PT-2026-42116

Name of the Vulnerable Software and Affected Versions libpng-apng affected versions not specified Description An issue exists in the push-mode APNG parser where chunk smuggling is possible via an unconsumed chunk body. This occurs within the third-party libpng-apng patch. Recommendations At the...

CLSA-2025-1756751597 squid: Fix of CVE-2023-46846

CVE-2023-46846: fix Request/Response chunk smuggling in HTTP/1.1 and ICAP...

CLSA-2025-1756751473 squid: Fix of CVE-2023-46846

CVE-2023-46846: fix Request/Response chunk smuggling in HTTP/1.1 and ICAP...