PT-2026-31620 · Libpng+2

Tobias Frost · Published 2026-04-09 · Updated 2026-05-18 · CVE-2026-34757

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LIBPNG versions 1.0.9 through 1.6.56

Description

LIBPNG is a library used by applications to read, create, and manipulate PNG image files. A flaw exists where passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter function on the same png_struct/png_info pair can lead to reading from freed memory. This occurs because the setter frees the internal buffer before copying data from the provided pointer, which is now invalid. This can result in silently corrupted chunk metadata or leakage of unrelated heap contents into the chunk structure.

Recommendations

Update to version 1.6.57 or later.
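
The free-before-copy ordering described above, modelled next to an alias-safe setter and a caller-side snapshot. This is an added example, not libpng source or the upstream patch; the color and info types and every function name in it are hypothetical stand-ins for the palette getter/setter pair.

```c
/* Toy model of the getter/setter aliasing pattern; not libpng code. */
#include <stdlib.h>
#include <string.h>

typedef struct { unsigned char r, g, b; } color;   /* hypothetical */
typedef struct { color *palette; int num; } info;  /* hypothetical */

/* Getter hands out the internal buffer itself, not a copy. */
int info_get(const info *i, color **out) { *out = i->palette; return i->num; }

/* Flawed order: free first, then copy. If src == i->palette, the memcpy
 * reads freed memory. Only safe when src does not alias the old buffer. */
int info_set_flawed(info *i, const color *src, int n) {
    free(i->palette);
    i->palette = malloc((size_t)n * sizeof *src);
    if (i->palette == NULL) { i->num = 0; return -1; }
    memcpy(i->palette, src, (size_t)n * sizeof *src);
    i->num = n;
    return 0;
}

/* Alias-safe order: copy into fresh storage, then release the old buffer. */
int info_set_safe(info *i, const color *src, int n) {
    if (src == NULL || n <= 0) return -1;
    color *fresh = malloc((size_t)n * sizeof *src);
    if (fresh == NULL) return -1;            /* old contents stay intact */
    memcpy(fresh, src, (size_t)n * sizeof *src);
    free(i->palette);
    i->palette = fresh; i->num = n;
    return 0;
}

/* Caller-side guard for a setter that still uses the flawed order:
 * snapshot the getter's result before handing it back. */
int roundtrip_with_snapshot(info *i) {
    color *p; int n = info_get(i, &p);
    if (n <= 0) return -1;
    color *snap = malloc((size_t)n * sizeof *snap);
    if (snap == NULL) return -1;
    memcpy(snap, p, (size_t)n * sizeof *snap);
    int rc = info_set_flawed(i, snap, n);    /* src no longer aliases */
    free(snap);
    return rc;
}

int main(void) {
    info i = {0};
    color c[2] = {{1, 2, 3}, {4, 5, 6}};     /* constructed sample palette */
    int rc = info_set_safe(&i, c, 2) || info_set_safe(&i, i.palette, i.num);
    free(i.palette);
    return rc;
}
```

Building with -fsanitize=address is a quick way to confirm that neither safe path touches freed memory.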

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-06672
CLEANSTART-2026-CF62516
CLEANSTART-2026-EP51501
CVE-2026-34757
ECHO-7EDB-B098-20D5
OESA-2026-2149
OPENSUSE-SU-2026:10564-1
OPENSUSE-SU-2026:10640-1
OPENSUSE-SU-2026:20593-1
RHSA-2026:13719
SUSE-SU-2026:1500-1
SUSE-SU-2026:1601-1
SUSE-SU-2026:1602-1
SUSE-SU-2026:21239-1
SUSE-SU-2026:21251-1
SUSE-SU-2026:21262-1
USN-8251-1

Affected Products

Libpng
Linuxmint
Ubuntu