CVE-2026-33416

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-33416
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-33416.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-33416
Aliases
  • GHSA-m4pc-p4q3-4c7j
Downstream
Published
2026-03-26T16:48:54.174Z
Modified
2026-03-27T11:05:36.071285Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Details

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, png_set_tRNS and png_set_PLTE each alias a heap-allocated buffer between png_struct and png_info, sharing a single allocation across two structs with independent lifetimes. The trans_alpha aliasing has been present since at least libpng 1.0, and the palette aliasing since at least 1.2.1. Both affect all prior release lines png_set_tRNS sets png_ptr->trans_alpha = info_ptr->trans_alpha (256-byte buffer) and png_set_PLTE sets info_ptr->palette = png_ptr->palette (768-byte buffer). In both cases, calling png_free_data (with PNG_FREE_TRNS or PNG_FREE_PLTE) frees the buffer through info_ptr while the corresponding png_ptr pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to png_set_tRNS or png_set_PLTE has the same effect, because both functions call png_free_data internally before reallocating the info_ptr buffer. Version 1.6.56 fixes the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-416"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33416.json"
}
References

Affected packages

Git / github.com/pnggroup/libpng

Affected ranges

Type
GIT
Repo
https://github.com/pnggroup/libpng
Events
Introduced
f50c91b7bd6d7c539bd8820c8ab2e37a86108a44
Fixed
d5515b5b8be3901aac04e5bd8bd5c89f287bcd33
Database specific 
{
    "versions": [
        {
            "introduced": "1.2.1"
        },
        {
            "fixed": "1.6.56"
        }
    ]
}

Affected versions

libpng-1.*
libpng-1.2.50-signed
libpng-1.2.51-signed
libpng-1.2.52-signed
libpng-1.2.53-signed
libpng-1.2.55-signed
libpng-1.2.56-signed
libpng-1.4.12-signed
libpng-1.4.13-signed
libpng-1.4.14-signed
libpng-1.4.15-signed
libpng-1.4.16-signed
libpng-1.4.18-signed
libpng-1.4.19-signed
libpng-1.5.16-signed
libpng-1.5.17-signed
libpng-1.5.18-signed
libpng-1.5.20-signed
libpng-1.5.21-signed
libpng-1.5.22-signed
libpng-1.5.23-signed
libpng-1.5.25-signed
libpng-1.5.26-signed
libpng-1.6.10-signed
libpng-1.6.11-signed
libpng-1.6.12-signed
libpng-1.6.13-signed
libpng-1.6.14-signed
libpng-1.6.15-master-signed
libpng-1.6.15-signed
libpng-1.6.16-master-signed
libpng-1.6.16-signed
libpng-1.6.17-master-signed
libpng-1.6.17-signed
libpng-1.6.18-master-signed
libpng-1.6.18-signed
libpng-1.6.2-signed
libpng-1.6.20-master-signed
libpng-1.6.20-signed
libpng-1.6.21-master-signed
libpng-1.6.21-signed
libpng-1.6.23-signed
libpng-1.6.24-master-signed
libpng-1.6.24-signed
libpng-1.6.25-master-signed
libpng-1.6.25-signed
libpng-1.6.26-master-signed
libpng-1.6.26-signed
libpng-1.6.28-signed
libpng-1.6.29-master-signed
libpng-1.6.29-signed
libpng-1.6.3-signed
libpng-1.6.30-master-signed
libpng-1.6.30-signed
libpng-1.6.31-master-signed
libpng-1.6.31-signed
libpng-1.6.4-signed
libpng-1.6.7-signed
libpng-1.6.8-signed
libpng-1.6.9-signed
v1.*
v1.2.1
v1.2.10
v1.2.10beta1
v1.2.10beta2
v1.2.10beta3
v1.2.10beta4
v1.2.10beta5
v1.2.10beta6
v1.2.10beta7
v1.2.10rc1
v1.2.10rc2
v1.2.10rc3
v1.2.11
v1.2.11beta1
v1.2.11beta2
v1.2.11beta2cos
v1.2.11beta3
v1.2.11beta4
v1.2.11rc1
v1.2.11rc2
v1.2.11rc3
v1.2.11rc5
v1.2.12
v1.2.13
v1.2.13beta1
v1.2.13rc1
v1.2.13rc2
v1.2.14
v1.2.14beta1
v1.2.14beta2
v1.2.14rc1
v1.2.15
v1.2.15beta1
v1.2.15beta2
v1.2.15beta3
v1.2.15beta4
v1.2.15beta5
v1.2.15beta6
v1.2.15rc1
v1.2.15rc2
v1.2.15rc3
v1.2.15rc4
v1.2.15rc5
v1.2.16
v1.2.16beta1
v1.2.16beta2
v1.2.16rc1
v1.2.17
v1.2.17beta1
v1.2.17beta2
v1.2.17rc1
v1.2.17rc2
v1.2.17rc3
v1.2.17rc4
v1.2.18
v1.2.19
v1.2.19beta1
v1.2.19beta10
v1.2.19beta11
v1.2.19beta12
v1.2.19beta13
v1.2.19beta14
v1.2.19beta15
v1.2.19beta16
v1.2.19beta17
v1.2.19beta18
v1.2.19beta19
v1.2.19beta2
v1.2.19beta20
v1.2.19beta21
v1.2.19beta22
v1.2.19beta23
v1.2.19beta24
v1.2.19beta25
v1.2.19beta26
v1.2.19beta27
v1.2.19beta28
v1.2.19beta29
v1.2.19beta3
v1.2.19beta30
v1.2.19beta31
v1.2.19beta4
v1.2.19beta5
v1.2.19beta6
v1.2.19beta7
v1.2.19beta8
v1.2.19beta9
v1.2.19rc1
v1.2.19rc2
v1.2.19rc3
v1.2.19rc4
v1.2.19rc5
v1.2.19rc6
v1.2.2
v1.2.20
v1.2.20beta01
v1.2.20beta02
v1.2.20beta03
v1.2.20beta04
v1.2.20rc1
v1.2.20rc2
v1.2.20rc3
v1.2.20rc4
v1.2.20rc5
v1.2.20rc6
v1.2.21
v1.2.21beta1
v1.2.21beta2
v1.2.21rc1
v1.2.21rc2
v1.2.21rc3
v1.2.22
v1.2.22beta1
v1.2.22beta2
v1.2.22beta3
v1.2.22beta4
v1.2.22rc1
v1.2.23
v1.2.23beta01
v1.2.23beta02
v1.2.23beta03
v1.2.23beta04
v1.2.23beta05
v1.2.23rc01
v1.2.24
v1.2.24beta01
v1.2.24beta02
v1.2.24rc01
v1.2.25
v1.2.25beta01
v1.2.25beta02
v1.2.25beta03
v1.2.25beta04
v1.2.25beta05
v1.2.25beta06
v1.2.25rc01
v1.2.25rc02
v1.2.26
v1.2.26beta01
v1.2.26beta02
v1.2.26beta03
v1.2.26beta04
v1.2.26beta05
v1.2.26beta06
v1.2.26rc01
v1.2.27
v1.2.27beta01
v1.2.27beta02
v1.2.27beta03
v1.2.27beta04
v1.2.27beta05
v1.2.27beta06
v1.2.27rc01
v1.2.28
v1.2.29
v1.2.29beta01
v1.2.29beta02
v1.2.29beta03
v1.2.29rc01
v1.2.2beta1
v1.2.2beta2
v1.2.2beta3
v1.2.2beta4
v1.2.2beta5
v1.2.2beta6
v1.2.2rc1
v1.2.3
v1.2.30
v1.2.30beta01
v1.2.30beta02
v1.2.30beta03
v1.2.30beta04
v1.2.30rc01
v1.2.30rc02
v1.2.30rc03
v1.2.30rc04
v1.2.30rc05
v1.2.30rc06
v1.2.30rc07
v1.2.30rc08
v1.2.31
v1.2.31rc01
v1.2.31rc02
v1.2.31rc03
v1.2.32
v1.2.32beta01
v1.2.32rc01
v1.2.33
v1.2.33beta01
v1.2.33rc01
v1.2.33rc02
v1.2.34
v1.2.34beta01
v1.2.34beta02
v1.2.34beta03
v1.2.34beta04
v1.2.34beta05
v1.2.34beta06
v1.2.34beta07
v1.2.34rc01
v1.2.35
v1.2.35beta01
v1.2.35beta02
v1.2.35beta03
v1.2.35rc01
v1.2.35rc02
v1.2.36
v1.2.36beta01
v1.2.36beta02
v1.2.36beta03
v1.2.36beta04
v1.2.36beta05
v1.2.37
v1.2.37beta01
v1.2.37beta02
v1.2.37beta03
v1.2.37rc01
v1.2.38
v1.2.38beta01
v1.2.38rc01
v1.2.38rc02
v1.2.38rc03
v1.2.39
v1.2.39beta01
v1.2.39beta02
v1.2.39beta03
v1.2.39beta04
v1.2.39beta05
v1.2.39rc01
v1.2.3rc1
v1.2.3rc2
v1.2.3rc3
v1.2.3rc4
v1.2.3rc5
v1.2.3rc6
v1.2.4
v1.2.40
v1.2.40beta01
v1.2.40rc01
v1.2.41
v1.2.41beta01
v1.2.41beta02
v1.2.41beta03
v1.2.41beta04
v1.2.41beta05
v1.2.41beta06
v1.2.41beta07
v1.2.41beta08
v1.2.41beta09
v1.2.41beta10
v1.2.41beta11
v1.2.41beta12
v1.2.41beta13
v1.2.41beta14
v1.2.41beta15
v1.2.41beta16
v1.2.41beta17
v1.2.41beta18
v1.2.41beta19
v1.2.41rc01
v1.2.41rc02
v1.2.41rc03
v1.2.42
v1.2.42beta01
v1.2.42beta02
v1.2.42rc01
v1.2.42rc02
v1.2.42rc03
v1.2.42rc04
v1.2.42rc05
v1.2.43
v1.2.43beta02
v1.2.43beta03
v1.2.43beta04
v1.2.43beta05
v1.2.43rc01
v1.2.43rc02
v1.2.44
v1.2.44beta01
v1.2.44beta02
v1.2.44beta03
v1.2.44rc01
v1.2.44rc02
v1.2.44rc03
v1.2.45
v1.2.45beta01
v1.2.45beta02
v1.2.45beta03
v1.2.45rc01
v1.2.46
v1.2.46rc01
v1.2.46rc02
v1.2.47
v1.2.47rc01
v1.2.48
v1.2.48beta01
v1.2.48rc02
v1.2.49
v1.2.4beta1
v1.2.4beta2
v1.2.4beta3
v1.2.4rc1
v1.2.5
v1.2.50
v1.2.51
v1.2.51beta01
v1.2.51beta02
v1.2.51beta03
v1.2.51beta04
v1.2.51beta05
v1.2.51rc01
v1.2.51rc02
v1.2.51rc03
v1.2.51rc04
v1.2.52
v1.2.52beta01
v1.2.52rc01
v1.2.52rc02
v1.2.53
v1.2.53beta01
v1.2.53beta02
v1.2.53rc01
v1.2.54
v1.2.54beta01
v1.2.54rc01
v1.2.54rc02
v1.2.54rc04
v1.2.55
v1.2.55beta01
v1.2.55beta02
v1.2.55rc01
v1.2.56
v1.2.56beta01
v1.2.56rc01
v1.2.57
v1.2.57rc01
v1.2.58
v1.2.58beta01
v1.2.58rc01
v1.2.59
v1.2.59beta01
v1.2.59beta02
v1.2.59rc01
v1.2.5beta1
v1.2.5beta2
v1.2.5rc1
v1.2.5rc2
v1.2.5rc3
v1.2.6
v1.2.6beta1
v1.2.6beta2
v1.2.6beta3
v1.2.6beta4
v1.2.6rc1
v1.2.6rc2
v1.2.6rc3
v1.2.6rc4
v1.2.6rc5
v1.2.7
v1.2.7beta1
v1.2.7beta2
v1.2.7rc1
v1.2.8
v1.2.8beta1
v1.2.8beta2
v1.2.8beta3
v1.2.8beta4
v1.2.8beta5
v1.2.8rc1
v1.2.8rc2
v1.2.8rc3
v1.2.8rc4
v1.2.8rc5
v1.2.9
v1.2.9beta1
v1.2.9beta10
v1.2.9beta11
v1.2.9beta2
v1.2.9beta3
v1.2.9beta4
v1.2.9beta5
v1.2.9beta6
v1.2.9beta7
v1.2.9beta8
v1.2.9beta9
v1.2.9rc1
v1.4.0
v1.4.0beta1
v1.4.0beta10
v1.4.0beta100
v1.4.0beta101
v1.4.0beta102
v1.4.0beta103
v1.4.0beta104
v1.4.0beta105
v1.4.0beta106
v1.4.0beta107
v1.4.0beta108
v1.4.0beta109
v1.4.0beta11
v1.4.0beta12
v1.4.0beta13
v1.4.0beta14
v1.4.0beta15
v1.4.0beta16
v1.4.0beta17
v1.4.0beta18
v1.4.0beta19
v1.4.0beta2
v1.4.0beta20
v1.4.0beta21
v1.4.0beta22
v1.4.0beta23
v1.4.0beta24
v1.4.0beta25
v1.4.0beta26
v1.4.0beta27
v1.4.0beta28
v1.4.0beta29
v1.4.0beta3
v1.4.0beta30
v1.4.0beta31
v1.4.0beta32
v1.4.0beta33
v1.4.0beta34
v1.4.0beta35
v1.4.0beta36
v1.4.0beta37
v1.4.0beta38
v1.4.0beta39
v1.4.0beta4
v1.4.0beta40
v1.4.0beta41
v1.4.0beta42
v1.4.0beta43
v1.4.0beta44
v1.4.0beta45
v1.4.0beta46
v1.4.0beta47
v1.4.0beta48
v1.4.0beta49
v1.4.0beta5
v1.4.0beta50
v1.4.0beta51
v1.4.0beta52
v1.4.0beta53
v1.4.0beta54
v1.4.0beta55
v1.4.0beta56
v1.4.0beta57
v1.4.0beta58
v1.4.0beta6
v1.4.0beta60
v1.4.0beta61
v1.4.0beta62
v1.4.0beta63
v1.4.0beta64
v1.4.0beta65
v1.4.0beta66
v1.4.0beta67
v1.4.0beta68
v1.4.0beta69
v1.4.0beta7
v1.4.0beta70
v1.4.0beta71
v1.4.0beta73
v1.4.0beta74
v1.4.0beta75
v1.4.0beta76
v1.4.0beta77
v1.4.0beta78
v1.4.0beta79
v1.4.0beta8
v1.4.0beta80
v1.4.0beta81
v1.4.0beta82
v1.4.0beta83
v1.4.0beta84
v1.4.0beta85
v1.4.0beta86
v1.4.0beta87
v1.4.0beta89
v1.4.0beta9
v1.4.0beta90
v1.4.0beta91
v1.4.0beta92
v1.4.0beta93
v1.4.0beta94
v1.4.0beta95
v1.4.0beta96
v1.4.0beta97
v1.4.0beta98
v1.4.0beta99
v1.4.0rc01
v1.4.0rc02
v1.4.0rc03
v1.4.0rc04
v1.4.0rc05
v1.4.0rc06
v1.4.0rc07
v1.4.0rc08
v1.4.1
v1.4.10
v1.4.10beta01
v1.4.10rc02
v1.4.11
v1.4.12
v1.4.13
v1.4.13beta01
v1.4.13beta02
v1.4.13beta03
v1.4.13beta04
v1.4.13beta05
v1.4.13beta06
v1.4.13rc01
v1.4.13rc02
v1.4.14
v1.4.14beta01
v1.4.14rc01
v1.4.14rc02
v1.4.15
v1.4.15beta01
v1.4.15beta02
v1.4.15rc01
v1.4.15rc02
v1.4.16
v1.4.16beta02
v1.4.16rc01
v1.4.17
v1.4.17beta01
v1.4.17beta02
v1.4.17beta03
v1.4.17rc01
v1.4.17rc02
v1.4.17rc03
v1.4.17rc04
v1.4.18
v1.4.18beta01
v1.4.18beta02
v1.4.18rc01
v1.4.19
v1.4.19beta01
v1.4.19rc01
v1.4.1alpha01
v1.4.1alpha02
v1.4.1beta01
v1.4.1beta02
v1.4.1beta03
v1.4.1beta04
v1.4.1beta05
v1.4.1beta06
v1.4.1beta07
v1.4.1beta08
v1.4.1beta09
v1.4.1beta10
v1.4.1beta11
v1.4.1beta12
v1.4.1rc01
v1.4.1rc02
v1.4.1rc03
v1.4.1rc04
v1.4.2
v1.4.20
v1.4.20rc01
v1.4.21
v1.4.21beta01
v1.4.21rc01
v1.4.22
v1.4.22beta01
v1.4.22beta02
v1.4.22rc01
v1.4.2beta01
v1.4.2rc01
v1.4.2rc02
v1.4.2rc03
v1.4.2rc04
v1.4.2rc05
v1.4.2rc06
v1.4.3
v1.4.3beta01
v1.4.3beta02
v1.4.3beta04
v1.4.3beta05
v1.4.3rc01
v1.4.3rc02
v1.4.3rc03
v1.4.4
v1.4.4beta01
v1.4.4beta02
v1.4.4beta03
v1.4.4beta05
v1.4.4beta06
v1.4.4beta07
v1.4.4beta08
v1.4.4rc01
v1.4.4rc02
v1.4.4rc03
v1.4.4rc04
v1.4.4rc05
v1.4.5
v1.4.5beta01
v1.4.5beta02
v1.4.5beta03
v1.4.5beta04
v1.4.5beta05
v1.4.5beta06
v1.4.5rc01
v1.4.5rc02
v1.4.5rc03
v1.4.6
v1.4.6beta01
v1.4.6beta02
v1.4.6beta03
v1.4.6beta04
v1.4.6beta05
v1.4.6beta06
v1.4.6beta07
v1.4.6rc01
v1.4.6rc02
v1.4.7
v1.4.7rc01
v1.4.8
v1.4.8beta01
v1.4.8beta02
v1.4.8beta03
v1.4.8beta04
v1.4.8beta05
v1.4.8rc01
v1.4.9
v1.4.9beta01
v1.4.9rc01
v1.5.0
v1.5.0beta01
v1.5.0beta02
v1.5.0beta03
v1.5.0beta04
v1.5.0beta05
v1.5.0beta06
v1.5.0beta07
v1.5.0beta08
v1.5.0beta09
v1.5.0beta11
v1.5.0beta12
v1.5.0beta13
v1.5.0beta14
v1.5.0beta15
v1.5.0beta16
v1.5.0beta17
v1.5.0beta18
v1.5.0beta19
v1.5.0beta20
v1.5.0beta21
v1.5.0beta22
v1.5.0beta23
v1.5.0beta24
v1.5.0beta25
v1.5.0beta26
v1.5.0beta27
v1.5.0beta28
v1.5.0beta29
v1.5.0beta30
v1.5.0beta31
v1.5.0beta32
v1.5.0beta33
v1.5.0beta34
v1.5.0beta35
v1.5.0beta36
v1.5.0beta37
v1.5.0beta38
v1.5.0beta39
v1.5.0beta40
v1.5.0beta41
v1.5.0beta42
v1.5.0beta43
v1.5.0beta44
v1.5.0beta45
v1.5.0beta46
v1.5.0beta47
v1.5.0beta48
v1.5.0beta49
v1.5.0beta50
v1.5.0beta51
v1.5.0beta52
v1.5.0beta53
v1.5.0beta54
v1.5.0beta55
v1.5.0beta56
v1.5.0beta57
v1.5.0beta58
v1.5.0rc01
v1.5.0rc02
v1.5.0rc03
v1.5.0rc05
v1.5.0rc06
v1.5.1
v1.5.10
v1.5.10beta01
v1.5.10beta02
v1.5.10beta03
v1.5.10beta04
v1.5.10rc01
v1.5.11
v1.5.11beta01
v1.5.11rc01
v1.5.11rc02
v1.5.11rc03
v1.5.11rc04
v1.5.11rc05
v1.5.12
v1.5.13
v1.5.13beta01
v1.5.13beta02
v1.5.13rc01
v1.5.14
v1.5.14beta01
v1.5.14beta02
v1.5.14beta04
v1.5.14beta05
v1.5.14beta06
v1.5.14beta07
v1.5.14beta08
v1.5.14rc01
v1.5.14rc02
v1.5.14rc03
v1.5.15
v1.5.15beta01
v1.5.15beta02
v1.5.15beta03
v1.5.15beta04
v1.5.15beta05
v1.5.15beta06
v1.5.15beta07
v1.5.15beta08
v1.5.15beta09
v1.5.15rc01
v1.5.16
v1.5.16beta01
v1.5.16beta02
v1.5.16beta03
v1.5.16beta04
v1.5.16beta05
v1.5.16beta06
v1.5.16rc01
v1.5.17
v1.5.17beta01
v1.5.17rc01
v1.5.17rc02
v1.5.17rc03
v1.5.18
v1.5.18beta01
v1.5.18beta02
v1.5.18beta03
v1.5.18beta04
v1.5.18beta05
v1.5.18rc01
v1.5.18rc02
v1.5.19
v1.5.19beta01
v1.5.19beta02
v1.5.19beta03
v1.5.19beta04
v1.5.19beta05
v1.5.19rc01
v1.5.1beta01
v1.5.1beta02
v1.5.1beta03
v1.5.1beta04
v1.5.1beta05
v1.5.1beta06
v1.5.1beta07
v1.5.1beta08
v1.5.1beta09
v1.5.1beta10
v1.5.1beta11
v1.5.1rc01
v1.5.1rc02
v1.5.2
v1.5.20
v1.5.20beta01
v1.5.20rc01
v1.5.20rc02
v1.5.20rc03
v1.5.21
v1.5.21beta01
v1.5.21rc01
v1.5.21rc02
v1.5.21rc03
v1.5.22
v1.5.22beta01
v1.5.22beta02
v1.5.22beta03
v1.5.22beta04
v1.5.22rc01
v1.5.22rc02
v1.5.22rc03
v1.5.22rc04
v1.5.23
v1.5.23beta01
v1.5.23beta02
v1.5.23rc01
v1.5.23rc02
v1.5.23rc03
v1.5.24
v1.5.24beta01
v1.5.24beta02
v1.5.24rc01
v1.5.24rc02
v1.5.24rc04
v1.5.25
v1.5.25beta01
v1.5.25beta02
v1.5.25beta03
v1.5.25rc01
v1.5.26
v1.5.26beta01
v1.5.26rc01
v1.5.27
v1.5.27beta01
v1.5.27beta02
v1.5.27rc01
v1.5.28
v1.5.28rc01
v1.5.29
v1.5.29beta01
v1.5.29beta02
v1.5.29rc01
v1.5.2beta01
v1.5.2beta02
v1.5.2beta03
v1.5.2rc01
v1.5.2rc02
v1.5.2rc03
v1.5.30
v1.5.30beta01
v1.5.30beta02
v1.5.30rc01
v1.5.3beta01
v1.5.3beta02
v1.5.3beta03
v1.5.3beta05
v1.5.3beta06
v1.5.3beta07
v1.5.3beta08
v1.5.3beta09
v1.5.3beta10
v1.5.3beta11
v1.5.3rc01
v1.5.3rc02
v1.5.4
v1.5.4beta01
v1.5.4beta02
v1.5.4beta03
v1.5.4beta04
v1.5.4beta05
v1.5.4beta06
v1.5.4beta07
v1.5.4beta08
v1.5.4rc01
v1.5.5
v1.5.5beta01
v1.5.5beta02
v1.5.5beta03
v1.5.5beta04
v1.5.5beta05
v1.5.5beta06
v1.5.5beta07
v1.5.5beta08
v1.5.5rc01
v1.5.6
v1.5.6beta01
v1.5.6beta02
v1.5.6beta03
v1.5.6beta04
v1.5.6beta05
v1.5.6beta06
v1.5.6beta07
v1.5.6rc01
v1.5.6rc02
v1.5.6rc03
v1.5.7
v1.5.7beta01
v1.5.7beta02
v1.5.7beta03
v1.5.7beta04
v1.5.7beta05
v1.5.7rc01
v1.5.7rc02
v1.5.7rc03
v1.5.8beta01
v1.5.8rc01
v1.5.8rc02
v1.5.9
v1.5.9beta01
v1.5.9rc01
v1.6.0
v1.6.0alpha01
v1.6.0beta01
v1.6.0beta02
v1.6.0beta03
v1.6.0beta04
v1.6.0beta05
v1.6.0beta06
v1.6.0beta07
v1.6.0beta08
v1.6.0beta09
v1.6.0beta10
v1.6.0beta11
v1.6.0beta12
v1.6.0beta13
v1.6.0beta14
v1.6.0beta15
v1.6.0beta16
v1.6.0beta17
v1.6.0beta18
v1.6.0beta19
v1.6.0beta20
v1.6.0beta21
v1.6.0beta22
v1.6.0beta23
v1.6.0beta24
v1.6.0beta25
v1.6.0beta26
v1.6.0beta27
v1.6.0beta28
v1.6.0beta29
v1.6.0beta30
v1.6.0beta31
v1.6.0beta32
v1.6.0beta33
v1.6.0beta34
v1.6.0beta35
v1.6.0beta36
v1.6.0beta37
v1.6.0beta38
v1.6.0beta39
v1.6.0beta40
v1.6.0rc01
v1.6.0rc02
v1.6.0rc03
v1.6.0rc04
v1.6.0rc05
v1.6.0rc06
v1.6.0rc07
v1.6.0rc08
v1.6.1
v1.6.10
v1.6.10beta01
v1.6.10beta02
v1.6.10beta03
v1.6.10rc01
v1.6.10rc02
v1.6.10rc03
v1.6.11
v1.6.11beta01
v1.6.11beta02
v1.6.11beta03
v1.6.11beta04
v1.6.11beta05
v1.6.11beta06
v1.6.11rc01
v1.6.11rc02
v1.6.12
v1.6.12rc01
v1.6.12rc02
v1.6.12rc03
v1.6.13
v1.6.13beta01
v1.6.13beta02
v1.6.13beta03
v1.6.13beta04
v1.6.13rc01
v1.6.14
v1.6.14beta01
v1.6.14beta02
v1.6.14beta03
v1.6.14beta04
v1.6.14beta05
v1.6.14beta06
v1.6.14beta07
v1.6.14rc01
v1.6.14rc02
v1.6.15
v1.6.15beta01
v1.6.15beta02
v1.6.15beta03
v1.6.15beta04
v1.6.15beta05
v1.6.15beta06
v1.6.15beta07
v1.6.15beta08
v1.6.15rc01
v1.6.15rc02
v1.6.15rc03
v1.6.16
v1.6.16beta01
v1.6.16beta02
v1.6.16beta03
v1.6.16rc01
v1.6.16rc02
v1.6.16rc03
v1.6.17
v1.6.17-master
v1.6.17beta01
v1.6.17beta02
v1.6.17beta03
v1.6.17beta04
v1.6.17beta05
v1.6.17beta06
v1.6.17rc01
v1.6.17rc02
v1.6.17rc03
v1.6.17rc04
v1.6.17rc05
v1.6.17rc06
v1.6.18
v1.6.18-master
v1.6.18beta01
v1.6.18beta02
v1.6.18beta03
v1.6.18beta04
v1.6.18beta05
v1.6.18beta06
v1.6.18beta07
v1.6.18beta08
v1.6.18beta09
v1.6.18rc01
v1.6.18rc02
v1.6.18rc03
v1.6.19
v1.6.19beta01
v1.6.19beta02
v1.6.19beta03
v1.6.19beta04
v1.6.19rc01
v1.6.19rc02
v1.6.19rc03
v1.6.19rc04
v1.6.1beta01
v1.6.1beta02
v1.6.1beta03
v1.6.1beta04
v1.6.1beta05
v1.6.1beta06
v1.6.1beta07
v1.6.1beta08
v1.6.1beta09
v1.6.1rc01
v1.6.2
v1.6.20beta01
v1.6.20beta02
v1.6.20beta03
v1.6.20rc01
v1.6.20rc02
v1.6.21
v1.6.21beta01
v1.6.21beta02
v1.6.21beta03
v1.6.21rc01
v1.6.21rc02
v1.6.22
v1.6.22beta01
v1.6.22beta02
v1.6.22beta03
v1.6.22beta04
v1.6.22beta05
v1.6.22beta06
v1.6.22rc01
v1.6.22rc02
v1.6.22rc03
v1.6.23
v1.6.23beta01
v1.6.23rc01
v1.6.23rc02
v1.6.24
v1.6.24beta01
v1.6.24beta02
v1.6.24beta03
v1.6.24beta04
v1.6.24beta05
v1.6.24beta06
v1.6.24rc01
v1.6.24rc02
v1.6.24rc03
v1.6.25
v1.6.25beta01
v1.6.25beta02
v1.6.25rc02
v1.6.25rc03
v1.6.25rc04
v1.6.25rc05
v1.6.26
v1.6.26beta01
v1.6.26beta02
v1.6.26beta03
v1.6.26beta04
v1.6.26beta05
v1.6.26beta06
v1.6.26rc01
v1.6.27
v1.6.27beta01
v1.6.27rc01
v1.6.28
v1.6.28rc01
v1.6.28rc02
v1.6.28rc03
v1.6.29
v1.6.29beta01
v1.6.29beta02
v1.6.29beta03
v1.6.29rc01
v1.6.2beta01
v1.6.2beta02
v1.6.2rc01
v1.6.2rc02
v1.6.2rc03
v1.6.2rc04
v1.6.2rc05
v1.6.2rc06
v1.6.3
v1.6.30
v1.6.30beta01
v1.6.30beta02
v1.6.30beta03
v1.6.30beta04
v1.6.30rc01
v1.6.30rc02
v1.6.31
v1.6.31beta01
v1.6.31beta02
v1.6.31beta03
v1.6.31beta04
v1.6.31beta05
v1.6.31beta06
v1.6.31beta07
v1.6.31rc01
v1.6.31rc02
v1.6.32
v1.6.32beta01
v1.6.32beta02
v1.6.32beta03
v1.6.32beta05
v1.6.32beta06
v1.6.32beta07
v1.6.32beta08
v1.6.32beta09
v1.6.32beta10
v1.6.32beta11
v1.6.32rc01
v1.6.32rc02
v1.6.33
v1.6.33beta01
v1.6.33beta02
v1.6.33beta03
v1.6.33rc01
v1.6.33rc02
v1.6.34
v1.6.35
v1.6.35beta01
v1.6.36
v1.6.37
v1.6.38
v1.6.39
v1.6.3beta01
v1.6.3beta02
v1.6.3beta03
v1.6.3beta04
v1.6.3beta05
v1.6.3beta06
v1.6.3beta07
v1.6.3beta08
v1.6.3beta09
v1.6.3beta10
v1.6.3rc01
v1.6.4
v1.6.40
v1.6.41
v1.6.42
v1.6.43
v1.6.44
v1.6.45
v1.6.46
v1.6.47
v1.6.48
v1.6.49
v1.6.4beta01
v1.6.4beta02
v1.6.4rc01
v1.6.5
v1.6.50
v1.6.51
v1.6.52
v1.6.53
v1.6.54
v1.6.55
v1.6.6
v1.6.7
v1.6.7beta01
v1.6.7beta02
v1.6.7beta03
v1.6.7beta04
v1.6.7rc01
v1.6.7rc02
v1.6.8
v1.6.8beta01
v1.6.8beta02
v1.6.8rc01
v1.6.8rc02
v1.6.9
v1.6.9beta01
v1.6.9beta02
v1.6.9beta03
v1.6.9beta04
v1.6.9rc01
v1.6.9rc02
v1.7.0alpha01
v1.7.0alpha02
v1.7.0alpha03
v1.7.0alpha04
v1.7.0alpha05
v1.7.0alpha06
v1.7.0alpha07
v1.7.0alpha08
v1.7.0alpha09
v1.7.0alpha10
v1.7.0beta01
v1.7.0beta02
v1.7.0beta03
v1.7.0beta04
v1.7.0beta05
v1.7.0beta06
v1.7.0beta07
v1.7.0beta08
v1.7.0beta09
v1.7.0beta10
v1.7.0beta11
v1.7.0beta12
v1.7.0beta13
v1.7.0beta14
v1.7.0beta15
v1.7.0beta16
v1.7.0beta17
v1.7.0beta18
v1.7.0beta19
v1.7.0beta20
v1.7.0beta21
v1.7.0beta22
v1.7.0beta23
v1.7.0beta24
v1.7.0beta25
v1.7.0beta26
v1.7.0beta27
v1.7.0beta28
v1.7.0beta29
v1.7.0beta30
v1.7.0beta31
v1.7.0beta32
v1.7.0beta33
v1.7.0beta34
v1.7.0beta35
v1.7.0beta36
v1.7.0beta37
v1.7.0beta38
v1.7.0beta39
v1.7.0beta40
v1.7.0beta41
v1.7.0beta42
v1.7.0beta43
v1.7.0beta44
v1.7.0beta45
v1.7.0beta46
v1.7.0beta47
v1.7.0beta48
v1.7.0beta49
v1.7.0beta50
v1.7.0beta51
v1.7.0beta52
v1.7.0beta53
v1.7.0beta54
v1.7.0beta55
v1.7.0beta56
v1.7.0beta57
v1.7.0beta58
v1.7.0beta59
v1.7.0beta60
v1.7.0beta61
v1.7.0beta62
v1.7.0beta63
v1.7.0beta64
v1.7.0beta65
v1.7.0beta66
v1.7.0beta67
v1.7.0beta68
v1.7.0beta69
v1.7.0beta70
v1.7.0beta71
v1.7.0beta72
v1.7.0beta73
v1.7.0beta74
v1.7.0beta75
v1.7.0beta76
v1.7.0beta77
v1.7.0beta78
v1.7.0beta79
v1.7.0beta80
v1.7.0beta81
v1.7.0beta82
v1.7.0beta83
v1.7.0beta84
v1.7.0beta85
v1.7.0beta86
v1.7.0beta87
v1.7.0beta88
v1.7.0beta89

Database specific

vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pnggroup/libpng/commit/d5515b5b8be3901aac04e5bd8bd5c89f287bcd33",
        "digest": {
            "line_hashes": [
                "277710390577621166110153611286032748480",
                "37812626001429359030407727102204306192",
                "235108146190051955392336492964133331294",
                "308819439959077714989618121299124277555",
                "260397287775790088579463485285595959002"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2026-33416-053d8287",
        "target": {
            "file": "pngtest.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pnggroup/libpng/commit/d5515b5b8be3901aac04e5bd8bd5c89f287bcd33",
        "digest": {
            "line_hashes": [
                "195793623419483107751349550499422338653",
                "241481619897360395005270248340996576576",
                "333957916052778635910280086895133772621",
                "73182602440664933896353205027083131409",
                "119279519610455638020139458056230155289",
                "215279933436747534013670962459111392399"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2026-33416-9a8d3ae7",
        "target": {
            "file": "png.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pnggroup/libpng/commit/d5515b5b8be3901aac04e5bd8bd5c89f287bcd33",
        "digest": {
            "line_hashes": [
                "166375070723291529406421301066248769034",
                "275647010778297936193963675511576832388",
                "256826767335212246520616614652191899280",
                "279336807821086835335477021495116274772",
                "53629475448747437379627006107537775352",
                "46568612355367798241902050586166833318",
                "245452045998668159989023841863587304868",
                "114709392716353867339954008479701831121"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2026-33416-dc375153",
        "target": {
            "file": "png.h"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/pnggroup/libpng/commit/d5515b5b8be3901aac04e5bd8bd5c89f287bcd33",
        "digest": {
            "length": 481.0,
            "function_hash": "241740084829777515414352894687164664979"
        },
        "signature_type": "Function",
        "id": "CVE-2026-33416-ed236551",
        "target": {
            "file": "png.c",
            "function": "png_get_copyright"
        }
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-33416.json"