ALPINE-CVE-2026-33416

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2026-33416

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-33416.json

JSON Data

https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2026-33416

Upstream

CVE-2026-33416

Published

2026-03-26T17:16:38.443Z

Modified

2026-03-27T09:31:35.162322Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, png_set_tRNS and png_set_PLTE each alias a heap-allocated buffer between png_struct and png_info, sharing a single allocation across two structs with independent lifetimes. The trans_alpha aliasing has been present since at least libpng 1.0, and the palette aliasing since at least 1.2.1. Both affect all prior release lines png_set_tRNS sets png_ptr->trans_alpha = info_ptr->trans_alpha (256-byte buffer) and png_set_PLTE sets info_ptr->palette = png_ptr->palette (768-byte buffer). In both cases, calling png_free_data (with PNG_FREE_TRNS or PNG_FREE_PLTE) frees the buffer through info_ptr while the corresponding png_ptr pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to png_set_tRNS or png_set_PLTE has the same effect, because both functions call png_free_data internally before reallocating the info_ptr buffer. Version 1.6.56 fixes the issue.

References

https://security.alpinelinux.org/vuln/CVE-2026-33416

Affected packages

Alpine:v3.20 / libpng

Package

Name: libpng
Purl: pkg:apk/alpine/libpng?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.56-r0

Affected versions

1.*

1.2.34-r0

1.2.35-r0

1.2.36-r0

1.2.37-r0

1.2.38-r0

1.2.39-r0

1.2.40-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.4-r0

1.4.5-r0

1.4.5-r1

1.5.2-r0

1.5.2-r1

1.5.2-r2

1.5.4-r0

1.5.5-r0

1.5.5-r1

1.5.8-r0

1.5.9-r0

1.5.10-r0

1.5.11-r0

1.5.12-r0

1.5.13-r0

1.5.14-r0

1.5.15-r0

1.5.16-r0

1.5.17-r0

1.6.3-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.6.8-r0

1.6.9-r0

1.6.10-r0

1.6.12-r0

1.6.13-r0

1.6.14-r0

1.6.15-r0

1.6.16-r0

1.6.17-r0

1.6.18-r0

1.6.19-r0

1.6.20-r0

1.6.21-r0

1.6.22-r0

1.6.23-r0

1.6.23-r1

1.6.23-r2

1.6.24-r0

1.6.25-r0

1.6.26-r0

1.6.27-r0

1.6.27-r1

1.6.28-r0

1.6.29-r0

1.6.29-r1

1.6.30-r0

1.6.31-r0

1.6.32-r0

1.6.34-r0

1.6.34-r1

1.6.35-r0

1.6.37-r0

1.6.37-r1

1.6.37-r2

1.6.38-r0

1.6.39-r0

1.6.39-r1

1.6.39-r2

1.6.39-r3

1.6.39-r4

1.6.40-r0

1.6.41-r0

1.6.42-r0

1.6.43-r0

1.6.44-r0

1.6.53-r0

1.6.54-r0

1.6.55-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-33416.json"

Alpine:v3.21 / libpng

Package

Name: libpng
Purl: pkg:apk/alpine/libpng?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.56-r0

Affected versions

1.*

1.2.34-r0

1.2.35-r0

1.2.36-r0

1.2.37-r0

1.2.38-r0

1.2.39-r0

1.2.40-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.4-r0

1.4.5-r0

1.4.5-r1

1.5.2-r0

1.5.2-r1

1.5.2-r2

1.5.4-r0

1.5.5-r0

1.5.5-r1

1.5.8-r0

1.5.9-r0

1.5.10-r0

1.5.11-r0

1.5.12-r0

1.5.13-r0

1.5.14-r0

1.5.15-r0

1.5.16-r0

1.5.17-r0

1.6.3-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.6.8-r0

1.6.9-r0

1.6.10-r0

1.6.12-r0

1.6.13-r0

1.6.14-r0

1.6.15-r0

1.6.16-r0

1.6.17-r0

1.6.18-r0

1.6.19-r0

1.6.20-r0

1.6.21-r0

1.6.22-r0

1.6.23-r0

1.6.23-r1

1.6.23-r2

1.6.24-r0

1.6.25-r0

1.6.26-r0

1.6.27-r0

1.6.27-r1

1.6.28-r0

1.6.29-r0

1.6.29-r1

1.6.30-r0

1.6.31-r0

1.6.32-r0

1.6.34-r0

1.6.34-r1

1.6.35-r0

1.6.37-r0

1.6.37-r1

1.6.37-r2

1.6.38-r0

1.6.39-r0

1.6.39-r1

1.6.39-r2

1.6.39-r3

1.6.39-r4

1.6.40-r0

1.6.41-r0

1.6.42-r0

1.6.43-r0

1.6.44-r0

1.6.47-r0

1.6.53-r0

1.6.54-r0

1.6.55-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-33416.json"

Alpine:v3.22 / libpng

Package

Name: libpng
Purl: pkg:apk/alpine/libpng?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.56-r0

Affected versions

1.*

1.2.34-r0

1.2.35-r0

1.2.36-r0

1.2.37-r0

1.2.38-r0

1.2.39-r0

1.2.40-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.4-r0

1.4.5-r0

1.4.5-r1

1.5.2-r0

1.5.2-r1

1.5.2-r2

1.5.4-r0

1.5.5-r0

1.5.5-r1

1.5.8-r0

1.5.9-r0

1.5.10-r0

1.5.11-r0

1.5.12-r0

1.5.13-r0

1.5.14-r0

1.5.15-r0

1.5.16-r0

1.5.17-r0

1.6.3-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.6.8-r0

1.6.9-r0

1.6.10-r0

1.6.12-r0

1.6.13-r0

1.6.14-r0

1.6.15-r0

1.6.16-r0

1.6.17-r0

1.6.18-r0

1.6.19-r0

1.6.20-r0

1.6.21-r0

1.6.22-r0

1.6.23-r0

1.6.23-r1

1.6.23-r2

1.6.24-r0

1.6.25-r0

1.6.26-r0

1.6.27-r0

1.6.27-r1

1.6.28-r0

1.6.29-r0

1.6.29-r1

1.6.30-r0

1.6.31-r0

1.6.32-r0

1.6.34-r0

1.6.34-r1

1.6.35-r0

1.6.37-r0

1.6.37-r1

1.6.37-r2

1.6.38-r0

1.6.39-r0

1.6.39-r1

1.6.39-r2

1.6.39-r3

1.6.39-r4

1.6.40-r0

1.6.41-r0

1.6.42-r0

1.6.43-r0

1.6.44-r0

1.6.45-r0

1.6.46-r0

1.6.47-r0

1.6.51-r0

1.6.53-r0

1.6.54-r0

1.6.55-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-33416.json"

Alpine:v3.23 / libpng

Package

Name: libpng
Purl: pkg:apk/alpine/libpng?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.56-r0

Affected versions

1.*

1.2.34-r0

1.2.35-r0

1.2.36-r0

1.2.37-r0

1.2.38-r0

1.2.39-r0

1.2.40-r0

1.4.0-r0

1.4.1-r0

1.4.1-r1

1.4.2-r0

1.4.3-r0

1.4.4-r0

1.4.5-r0

1.4.5-r1

1.5.2-r0

1.5.2-r1

1.5.2-r2

1.5.4-r0

1.5.5-r0

1.5.5-r1

1.5.8-r0

1.5.9-r0

1.5.10-r0

1.5.11-r0

1.5.12-r0

1.5.13-r0

1.5.14-r0

1.5.15-r0

1.5.16-r0

1.5.17-r0

1.6.3-r0

1.6.5-r0

1.6.6-r0

1.6.7-r0

1.6.8-r0

1.6.9-r0

1.6.10-r0

1.6.12-r0

1.6.13-r0

1.6.14-r0

1.6.15-r0

1.6.16-r0

1.6.17-r0

1.6.18-r0

1.6.19-r0

1.6.20-r0

1.6.21-r0

1.6.22-r0

1.6.23-r0

1.6.23-r1

1.6.23-r2

1.6.24-r0

1.6.25-r0

1.6.26-r0

1.6.27-r0

1.6.27-r1

1.6.28-r0

1.6.29-r0

1.6.29-r1

1.6.30-r0

1.6.31-r0

1.6.32-r0

1.6.34-r0

1.6.34-r1

1.6.35-r0

1.6.37-r0

1.6.37-r1

1.6.37-r2

1.6.38-r0

1.6.39-r0

1.6.39-r1

1.6.39-r2

1.6.39-r3

1.6.39-r4

1.6.40-r0

1.6.41-r0

1.6.42-r0

1.6.43-r0

1.6.44-r0

1.6.45-r0

1.6.46-r0

1.6.47-r0

1.6.49-r0

1.6.51-r0

1.6.51-r1

1.6.53-r0

1.6.54-r0

1.6.55-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-33416.json"