Libpng · CVE-2026-33416
**Name of the Vulnerable Software and Affected Versions**
LIBPNG versions 1.2.1 through 1.6.55
**Description**
LIBPNG is a library used by applications to read, create, and manipulate PNG raster image files. Versions 1.2.1 through 1.6.55 contain an issue where the `png_set_tRNS` and `png_set_PLTE` functions alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structures with independent lifetimes. This aliasing has been present since at least libpng 1.0 for `trans_alpha` and since at least 1.2.1 for `palette`. When `png_free_data` is called with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`, the buffer is freed through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions may then dereference and write to this freed memory. Calling `png_set_tRNS` or `png_set_PLTE` a second time has the same effect, as these functions call `png_free_data` internally before reallocating the `info_ptr` buffer.
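As an added illustration, not libpng's source and not its actual fix in 1.6.56, the following self-contained C model shows the ownership hazard the description above names: two stand-in structures (`model_png_struct` for `png_ptr`, `model_png_info` for `info_ptr`) either alias one tRNS buffer or each own a copy, and freeing through the info side shows why the aliased form leaves the other pointer dangling while per-owner copies do not. All type and function names and the sample alpha bytes are constructed for this example.

```c
/* Constructed model of the aliasing hazard; not libpng code and not libpng's actual fix. */
#include <stdlib.h>
#include <string.h>
typedef struct { unsigned char *trans_alpha; } model_png_struct; /* stands in for png_ptr  */
typedef struct { unsigned char *trans_alpha; } model_png_info;   /* stands in for info_ptr */
static const unsigned char kAlpha[4] = {0, 64, 128, 255};         /* constructed tRNS entries */
static unsigned char *dup_bytes(const unsigned char *src, size_t n) {
    unsigned char *buf = malloc(n);
    if (buf) memcpy(buf, src, n);
    return buf;
}
/* Aliasing pattern: one allocation reachable from two structures with independent lifetimes. */
static int aliased_set_tRNS(model_png_struct *p, model_png_info *i, const unsigned char *src, size_t n) {
    if (!(i->trans_alpha = dup_bytes(src, n))) return 0;
    p->trans_alpha = i->trans_alpha; /* png_ptr shares info_ptr's buffer */
    return 1;
}
/* Owned pattern: each structure keeps its own copy, so freeing one cannot dangle the other. */
static int owned_set_tRNS(model_png_struct *p, model_png_info *i, const unsigned char *src, size_t n) {
    unsigned char *ibuf = dup_bytes(src, n), *pbuf = dup_bytes(src, n);
    if (!ibuf || !pbuf) { free(ibuf); free(pbuf); return 0; }
    i->trans_alpha = ibuf; p->trans_alpha = pbuf;
    return 1;
}
/* Stands in for png_free_data(..., PNG_FREE_TRNS, ...): releases through info_ptr only. */
static void free_info_tRNS(model_png_info *i) {
    free(i->trans_alpha); i->trans_alpha = NULL;
}
int shares_allocation(const model_png_struct *p, const model_png_info *i) {
    return p->trans_alpha != NULL && p->trans_alpha == i->trans_alpha; /* check before any free */
}
/* Returns 1 when the aliased pattern leaves png_ptr pointing at memory info_ptr released. */
int demo_aliased(void) {
    model_png_struct p = {0}; model_png_info i = {0};
    if (!aliased_set_tRNS(&p, &i, kAlpha, sizeof kAlpha)) return -1;
    int aliased = shares_allocation(&p, &i);
    free_info_tRNS(&i);   /* p.trans_alpha now dangles: the state the advisory describes */
    p.trans_alpha = NULL; /* drop the stale pointer rather than dereferencing it */
    return aliased;
}
/* Returns 1 when the owned pattern keeps png_ptr's copy valid after info_ptr's free. */
int demo_owned(void) {
    model_png_struct p = {0}; model_png_info i = {0};
    if (!owned_set_tRNS(&p, &i, kAlpha, sizeof kAlpha)) return -1;
    int aliased = shares_allocation(&p, &i);
    free_info_tRNS(&i);
    int intact = p.trans_alpha[1] == 64; /* still a live, separately owned allocation */
    free(p.trans_alpha);
    return !aliased && intact;
}
```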
**Recommendations**
Versions 1.2.1 through 1.6.55 should be updated to version 1.6.56 or later.