CVE-2026-34757Use After Free in Libpng

CWE-416Use After FreeCWE-825Expired Pointer Dereference14 documents6 sources
Severity
5.1MEDIUMNVD
EPSS
0.0%
top 96.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pnggroup LibpngDebian Libpng1.6
Timeline
PublishedApr 9

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, wh

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.5 | Impact: 2.5

Affected Packages2 packages

CVEListV5pnggroup/libpng>= 1.0.9, < 1.6.57

🔴Vulnerability Details

1
CVEList
LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure2026-04-09

📋Vendor Advisories

2
Red Hat
libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability2026-04-09
Debian
CVE-2026-34757: libpng1.62026

🕵️Threat Intelligence

9
Wiz
CVE-2026-35604 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-35606 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-35607 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-34757 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-35605 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-34757 libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability2026-04-09