ROS-20260529-73-0008

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

ROS-20260529-73-0007

The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow a remote attacker to gain access to the freed memory area, which could lead to the execution of arbitrary...

libpng security update

2:1.6.40-8.4 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161324...

libpng security update

2:1.6.37-12.4 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161436...

SUSE-SU-2026:1716-1 Security update for libpng12

This update for libpng12 fixes the following issues: Update to version 1.2.59 jscPED-16191. Security issues : - CVE-2017-12652: missing chunk length check can lead to sensitive information disclosure, data corruption or crash bsc1141493. - CVE-2026-33416: use-after-free via pointer aliasing in...

Security update for libpng12

This update for libpng12 fixes the following issues: Update to version 1.2.59 jscPED-16191. CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS and pngsethIST can...

Medium: libpng

Issue Overview: Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding getter back into the setter causes the setter to read from a stale pointer after freeing the internal buffer, leading to corrupted chunk data and...

SUSE SLED15 / SLES15 Security Update : libpng16 (SUSE-SU-2026:1602-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1602-1 advisory. This update for libpng16 fixes the following issue: - CVE-2026-34757: information disclosure and data corruption due to...

Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-34757: information disclosure and data corruption due to use-after-free in pngsetPLTE, pngsettRNS and pngsethIST bsc1261957. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-34757: information disclosure and data corruption due to use-after-free in pngsetPLTE, pngsettRNS and pngsethIST bsc1261957. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE-SU-2026:1500-1 Security update for libpng15

This update for libpng15 fixes the following issues: - CVE-2026-34757: use-after-free in pngsetPLTE, pngsettRNS and pngsethIST can lead to information disclosure and data corruption bsc1261957. - CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrar...

CLSA-2026-1776424888 libpng15: Fix of CVE-2026-33416

CVE-2026-33416: fix use-after-free in pngsettRNS and pngsetPLTE due to aliased heap buffers...

CLSA-2026-1776422998 libpng15: Fix of CVE-2026-33416

CVE-2026-33416: fix use-after-free in pngsettRNS and pngsetPLTE due to aliased heap buffers...

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and...

Security update for libpng16

This update for libpng16 fixes the following issues: CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...

Security update for libpng16

This update for libpng16 fixes the following issue: CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdat...

Important: firefox

Issue Overview: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single...

Important: libpng

Issue Overview: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single...

CVE-2026-34757

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same...

SUSE-SU-2026:21038-1 Security update for libpng16

This update for libpng16 fixes the following issues: - CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE can lead to arbitrary code execution bsc1260754. - CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and...