EulerOS Virtualization 2.13.0 : libpng (EulerOS-SA-2026-2404)

According to the versions of the libpng packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...

EulerOS 2.0 SP13 : libpng (EulerOS-SA-2026-2340)

According to the versions of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In...

ROS-20260529-73-0007

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

libpng security update

2:1.6.40-8.4 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161324...

SUSE-SU-2026:1716-1 Security update for libpng12

This update for libpng12 fixes the following issues: Update to version 1.2.59 jscPED-16191. Security issues : - CVE-2017-12652: missing chunk length check can lead to sensitive information disclosure, data corruption or crash bsc1141493. - CVE-2026-33416: use-after-free via pointer aliasing in...

Security update for libpng12

This update for libpng12 fixes the following issues: Update to version 1.2.59 jscPED-16191. CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS and pngsethIST can...

Medium: libpng

Issue Overview: Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding getter back into the setter causes the setter to read from a stale pointer after freeing the internal buffer, leading to corrupted chunk data and...

CLSA-2026-1776422998 libpng15: Fix of CVE-2026-33416

CVE-2026-33416: fix use-after-free in pngsettRNS and pngsetPLTE due to aliased heap buffers...

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and...

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

SUSE-SU-2026:21067-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. - CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

CVE-2026-33416

CVE-2026-33416 concerns libpng: in versions 1.2.1 through 1.6.55, png_set_tRNS and png_set_PLTE alias a 256-byte and a 768-byte heap buffer between png_struct and png_info, respectively. Freeing via PNG_FREE_TRNS/PNG_FREE_PLTE frees through info_ptr while png_ptr remains dangling, causing potenti...

CVE-2026-33416

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

libpng 资源管理错误漏洞

Libpng is an open-source PNG reference library developed by The PNG Development Group, which allows for the creation, reading, and other operations on PNG graphic files. Versions of Libpng prior to 1.6.55 contained a resource management vulnerability. This vulnerability stemmed from aliases and...