Libpng · Libpng · CVE-2026-34757
Name of the Vulnerable Software and Affected Versions
LIBPNG versions 1.0.9 through 1.6.56
Description
LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A flaw exists where passing a pointer obtained from `png_get_PLTE`, `png_get_tRNS`, or `png_get_hIST` back into the corresponding setter function on the same `png_struct`/`png_info` pair can lead to reading from freed memory. This occurs because the setter frees the internal buffer before copying data from the provided pointer, which at that point refers to the buffer that was just freed. This can result in silently corrupted chunk metadata or leakage of unrelated heap contents into the chunk structure.
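The free-before-copy ordering described above, next to one safe ordering and a caller-side pattern, as an added example that is not libpng's code and not the project's actual fix. `chunk_store` and all function names are hypothetical stand-ins for the `png_info` buffer and its getter/setter pair.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the png_info field owning one chunk buffer
 * (PLTE, tRNS or hIST); constructed for illustration, not libpng's type. */
typedef struct { unsigned char *buf; size_t len; } chunk_store;

/* Like the getters in the advisory: hands out the internal buffer itself. */
static const unsigned char *store_get(const chunk_store *s, size_t *len) {
    *len = s->len;
    return s->buf;
}

/* Affected ordering: free, then copy. If src aliases s->buf the memcpy reads
 * freed memory, so this is only safe with a buffer the caller owns. */
static int set_free_first(chunk_store *s, const unsigned char *src, size_t len) {
    free(s->buf);
    s->buf = malloc(len ? len : 1);
    if (s->buf == NULL) { s->len = 0; return -1; }
    if (len) memcpy(s->buf, src, len);
    s->len = len;
    return 0;
}

/* One safe ordering: copy while the old buffer is still alive, then free it. */
static int set_copy_first(chunk_store *s, const unsigned char *src, size_t len) {
    unsigned char *fresh = malloc(len ? len : 1);
    if (fresh == NULL) return -1;
    if (len) memcpy(fresh, src, len);
    free(s->buf);
    s->buf = fresh;
    s->len = len;
    return 0;
}

/* Caller-side pattern against a free-first setter: pass back a private copy. */
static int roundtrip_via_copy(chunk_store *s) {
    size_t len;
    const unsigned char *internal = store_get(s, &len);
    unsigned char *copy = malloc(len ? len : 1);
    if (copy == NULL) return -1;
    if (len) memcpy(copy, internal, len);
    int rc = set_free_first(s, copy, len);
    free(copy);
    return rc;
}
```

Building the application with AddressSanitizer (`-fsanitize=address`) reports the freed-memory read if any code path still passes a getter's pointer straight back into a free-first setter.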
Recommendations
Update to version 1.6.57 or later.