CVE-2026-40930: LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body
LIBPNG is a reference library for use in applications that process PNG (Portable Network Graphics) raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk header on the next call to pngprocessdata. Commit faf06924688b62d7c1654b5ceddedbde66ffadb4 fixes the issue.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2026-40930?
The severity of CVE-2026-40930 is rated as medium with a CVSS score of 5.4.
How do I fix CVE-2026-40930?
To fix CVE-2026-40930, upgrade to the latest version of libpng that includes the patch for the vulnerability.
What type of vulnerability is CVE-2026-40930?
CVE-2026-40930 is a chunk smuggling vulnerability in the push-mode APNG parser of libpng.
What are the potential impacts of CVE-2026-40930?
The potential impacts of CVE-2026-40930 include possible denial of service attacks due to improper handling of image files.
Which versions of libpng are affected by CVE-2026-40930?
CVE-2026-40930 affects libpng version 1.8.0 and possibly later versions if unpatched.