CVE-2026-34757: LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure

Published Apr 9, 2026
·
Updated

LIBPNG has a yse-after-free in pngsetPLTE, pngsettRNS and pngsethIST leading to corrupted chunk data and potential heap information disclosure

Other sources

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from pnggetPLTE, pnggettRNS, or pnggethIST back into the corresponding setter on the same pngstruct/pnginfo pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.

MITRE

Affected Software

4 affected componentsFixes available
libpng LIBPNG>=1.0.9<1.6.57
Microsoft azl3 libpng 1.6.56-1
Patch available
libpng LIBPNG>=1.0.9<1.6.57
Debian Debian Linux=11.0

Remediation

Patch Available

https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a

Patch Available

https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc

Patch Available

https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645

Event History

Apr 9, 2026
CVE Published
via MITRE·02:41 PM
Data Sourced
via MITRE·02:41 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·03:16 PM
RemedyDescriptionSeverityWeaknessAffected Software
Apr 12, 2026
Data Sourced
via Microsoft·08:01 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·08:01 AM
DescriptionSeverity
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2026-34757?

CVE-2026-34757 has a high severity rating due to its potential for heap information disclosure.

2

How do I fix CVE-2026-34757?

To fix CVE-2026-34757, update to the latest version of libpng that patches the vulnerability.

3

Which versions of libpng are affected by CVE-2026-34757?

CVE-2026-34757 affects libpng versions from 1.0.9 to 1.6.57.

4

What is the main impact of CVE-2026-34757?

The main impact of CVE-2026-34757 is the potential for corrupted chunk data and information disclosure due to use-after-free vulnerabilities.

5

Who is the vendor for the affected software in CVE-2026-34757?

The vendor for the affected software in CVE-2026-34757 is Libpng.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203