Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-34757
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-09 Apr, 2026 | 14:41
Updated At-09 May, 2026 | 10:21
Rejected At-
▼CVE Numbering Authority (CNA)
LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.

Affected Products
Vendor
pnggroup
Product
libpng
Versions
Affected
  • >= 1.0.9, < 1.6.57
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416: Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416: Use After Free
Metrics
VersionBase scoreBase severityVector
3.15.1MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645
x_refsource_CONFIRM
https://github.com/pnggroup/libpng/issues/836
x_refsource_MISC
https://github.com/pnggroup/libpng/issues/837
x_refsource_MISC
https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a
x_refsource_MISC
https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc
x_refsource_MISC
Hyperlink: https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/pnggroup/libpng/issues/836
Resource:
x_refsource_MISC
Hyperlink: https://github.com/pnggroup/libpng/issues/837
Resource:
x_refsource_MISC
Hyperlink: https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a
Resource:
x_refsource_MISC
Hyperlink: https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html
Resource: N/A
Details not found