CVE-2026-33416

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-33416
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-33416.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-33416
Aliases
  • GHSA-m4pc-p4q3-4c7j
Downstream
Related
Published
2026-03-26T16:48:54.174Z
Modified
2026-05-19T18:59:07.522547518Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Details

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, png_set_tRNS and png_set_PLTE each alias a heap-allocated buffer between png_struct and png_info, sharing a single allocation across two structs with independent lifetimes. The trans_alpha aliasing has been present since at least libpng 1.0, and the palette aliasing since at least 1.2.1. Both affect all prior release lines png_set_tRNS sets png_ptr->trans_alpha = info_ptr->trans_alpha (256-byte buffer) and png_set_PLTE sets info_ptr->palette = png_ptr->palette (768-byte buffer). In both cases, calling png_free_data (with PNG_FREE_TRNS or PNG_FREE_PLTE) frees the buffer through info_ptr while the corresponding png_ptr pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to png_set_tRNS or png_set_PLTE has the same effect, because both functions call png_free_data internally before reallocating the info_ptr buffer. Version 1.6.56 fixes the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-416"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33416.json"
}
References

Affected packages

Git / github.com/pnggroup/libpng

Affected ranges

Type
GIT
Repo
https://github.com/pnggroup/libpng
Events
Introduced
f50c91b7bd6d7c539bd8820c8ab2e37a86108a44
Fixed
d5515b5b8be3901aac04e5bd8bd5c89f287bcd33

Affected versions

libpng-1.*
libpng-1.6.10-signed
libpng-1.6.11-signed
libpng-1.6.12-signed
libpng-1.6.13-signed
libpng-1.6.14-signed
libpng-1.6.15-signed
libpng-1.6.16-signed
libpng-1.6.17-signed
libpng-1.6.18-signed
libpng-1.6.2-signed
libpng-1.6.20-signed
libpng-1.6.21-signed
libpng-1.6.23-signed
libpng-1.6.24-signed
libpng-1.6.25-signed
libpng-1.6.26-signed
libpng-1.6.29-signed
libpng-1.6.3-signed
libpng-1.6.30-master-signed
libpng-1.6.30-signed
libpng-1.6.31-master-signed
libpng-1.6.31-signed
libpng-1.6.4-signed
libpng-1.6.7-signed
libpng-1.6.8-signed
libpng-1.6.9-signed
v1.*
v1.2.1
v1.2.10beta1
v1.2.10beta2
v1.2.10beta3
v1.2.10beta4
v1.2.10beta5
v1.2.10beta6
v1.2.10beta7
v1.2.10rc1
v1.2.2
v1.2.2beta1
v1.2.2beta2
v1.2.2beta3
v1.2.2beta4
v1.2.2beta5
v1.2.2beta6
v1.2.2rc1
v1.2.3
v1.2.3rc1
v1.2.3rc2
v1.2.3rc3
v1.2.3rc4
v1.2.3rc5
v1.2.3rc6
v1.2.4
v1.2.4beta1
v1.2.4beta2
v1.2.4beta3
v1.2.4rc1
v1.2.5
v1.2.5beta1
v1.2.5beta2
v1.2.5rc1
v1.2.5rc2
v1.2.5rc3
v1.2.6
v1.2.6beta1
v1.2.6beta2
v1.2.6beta3
v1.2.6beta4
v1.2.6rc1
v1.2.6rc2
v1.2.6rc3
v1.2.6rc4
v1.2.6rc5
v1.2.7
v1.2.7beta1
v1.2.7beta2
v1.2.7rc1
v1.2.8
v1.2.8beta1
v1.2.8beta2
v1.2.8beta3
v1.2.8beta4
v1.2.8beta5
v1.2.8rc1
v1.2.8rc2
v1.2.8rc3
v1.2.8rc4
v1.2.8rc5
v1.2.9
v1.2.9beta1
v1.2.9beta10
v1.2.9beta11
v1.2.9beta2
v1.2.9beta3
v1.2.9beta4
v1.2.9beta5
v1.2.9beta6
v1.2.9beta7
v1.2.9beta8
v1.2.9beta9
v1.2.9rc1
v1.4.0beta1
v1.4.0beta10
v1.4.0beta100
v1.4.0beta101
v1.4.0beta102
v1.4.0beta104
v1.4.0beta105
v1.4.0beta106
v1.4.0beta107
v1.4.0beta108
v1.4.0beta109
v1.4.0beta11
v1.4.0beta12
v1.4.0beta13
v1.4.0beta14
v1.4.0beta15
v1.4.0beta16
v1.4.0beta17
v1.4.0beta18
v1.4.0beta19
v1.4.0beta2
v1.4.0beta20
v1.4.0beta21
v1.4.0beta22
v1.4.0beta23
v1.4.0beta24
v1.4.0beta25
v1.4.0beta26
v1.4.0beta27
v1.4.0beta28
v1.4.0beta29
v1.4.0beta3
v1.4.0beta30
v1.4.0beta31
v1.4.0beta32
v1.4.0beta33
v1.4.0beta34
v1.4.0beta35
v1.4.0beta36
v1.4.0beta37
v1.4.0beta38
v1.4.0beta39
v1.4.0beta4
v1.4.0beta40
v1.4.0beta41
v1.4.0beta42
v1.4.0beta43
v1.4.0beta44
v1.4.0beta45
v1.4.0beta46
v1.4.0beta47
v1.4.0beta48
v1.4.0beta49
v1.4.0beta5
v1.4.0beta50
v1.4.0beta51
v1.4.0beta52
v1.4.0beta53
v1.4.0beta54
v1.4.0beta55
v1.4.0beta56
v1.4.0beta57
v1.4.0beta58
v1.4.0beta6
v1.4.0beta60
v1.4.0beta61
v1.4.0beta62
v1.4.0beta63
v1.4.0beta64
v1.4.0beta65
v1.4.0beta66
v1.4.0beta67
v1.4.0beta68
v1.4.0beta69
v1.4.0beta7
v1.4.0beta70
v1.4.0beta71
v1.4.0beta73
v1.4.0beta75
v1.4.0beta76
v1.4.0beta77
v1.4.0beta78
v1.4.0beta79
v1.4.0beta8
v1.4.0beta80
v1.4.0beta81
v1.4.0beta82
v1.4.0beta83
v1.4.0beta84
v1.4.0beta85
v1.4.0beta86
v1.4.0beta87
v1.4.0beta89
v1.4.0beta9
v1.4.0beta90
v1.4.0beta91
v1.4.0beta92
v1.4.0beta93
v1.4.0beta94
v1.4.0beta95
v1.4.0beta96
v1.4.0beta98
v1.4.0beta99
v1.4.0rc03
v1.4.0rc04
v1.4.0rc05
v1.4.0rc06
v1.4.0rc07
v1.4.0rc08
v1.5.0
v1.5.0beta01
v1.5.0beta02
v1.5.0beta03
v1.5.0beta04
v1.5.0beta05
v1.5.0beta06
v1.5.0beta07
v1.5.0beta08
v1.5.0beta09
v1.5.0beta11
v1.5.0beta12
v1.5.0beta13
v1.5.0beta14
v1.5.0beta15
v1.5.0beta16
v1.5.0beta17
v1.5.0beta18
v1.5.0beta19
v1.5.0beta20
v1.5.0beta21
v1.5.0beta22
v1.5.0beta23
v1.5.0beta24
v1.5.0beta25
v1.5.0beta26
v1.5.0beta27
v1.5.0beta28
v1.5.0beta29
v1.5.0beta30
v1.5.0beta31
v1.5.0beta32
v1.5.0beta33
v1.5.0beta34
v1.5.0beta35
v1.5.0beta36
v1.5.0beta37
v1.5.0beta38
v1.5.0beta39
v1.5.0beta40
v1.5.0beta41
v1.5.0beta42
v1.5.0beta43
v1.5.0beta44
v1.5.0beta45
v1.5.0beta46
v1.5.0beta47
v1.5.0beta48
v1.5.0beta49
v1.5.0beta50
v1.5.0beta51
v1.5.0beta52
v1.5.0beta53
v1.5.0beta54
v1.5.0beta55
v1.5.0beta56
v1.5.0beta57
v1.5.0beta58
v1.5.0rc01
v1.5.0rc02
v1.5.0rc03
v1.5.0rc05
v1.5.0rc06
v1.5.1
v1.5.1beta01
v1.5.1beta02
v1.5.1beta03
v1.5.1beta04
v1.5.1beta05
v1.5.1beta06
v1.5.1beta07
v1.5.1beta08
v1.5.1beta09
v1.5.1beta10
v1.5.1beta11
v1.5.1rc01
v1.5.1rc02
v1.5.2
v1.5.2beta01
v1.5.2beta02
v1.5.2beta03
v1.5.2rc01
v1.5.2rc02
v1.5.2rc03
v1.5.3beta01
v1.5.3beta02
v1.5.3beta03
v1.5.3beta05
v1.5.3beta06
v1.5.3beta07
v1.5.3beta08
v1.5.3beta09
v1.5.3beta10
v1.5.3beta11
v1.5.3rc01
v1.5.3rc02
v1.5.4
v1.5.4beta01
v1.5.4beta02
v1.5.4beta03
v1.5.4beta04
v1.5.4beta05
v1.5.4beta06
v1.5.4beta07
v1.5.4beta08
v1.5.4rc01
v1.5.5
v1.5.5beta01
v1.5.5beta02
v1.5.5beta03
v1.5.5beta04
v1.5.5beta05
v1.5.5beta06
v1.5.5beta07
v1.5.5beta08
v1.5.5rc01
v1.5.6
v1.5.6beta01
v1.5.6beta02
v1.5.6beta03
v1.5.6beta04
v1.5.6beta05
v1.5.6beta06
v1.5.6beta07
v1.5.6rc01
v1.5.6rc02
v1.5.6rc03
v1.5.7beta01
v1.5.7beta02
v1.5.7beta03
v1.5.7beta04
v1.6.0
v1.6.0beta01
v1.6.0beta02
v1.6.0beta03
v1.6.0beta04
v1.6.0beta05
v1.6.0beta06
v1.6.0beta07
v1.6.0beta08
v1.6.0beta09
v1.6.0beta10
v1.6.0beta11
v1.6.0beta12
v1.6.0beta13
v1.6.0beta14
v1.6.0beta15
v1.6.0beta16
v1.6.0beta17
v1.6.0beta18
v1.6.0beta19
v1.6.0beta21
v1.6.0beta22
v1.6.0beta23
v1.6.0beta24
v1.6.0beta25
v1.6.0beta26
v1.6.0beta27
v1.6.0beta28
v1.6.0beta29
v1.6.0beta30
v1.6.0beta31
v1.6.0beta32
v1.6.0beta33
v1.6.0beta34
v1.6.0beta35
v1.6.0beta36
v1.6.0beta37
v1.6.0beta38
v1.6.0beta39
v1.6.0beta40
v1.6.0rc01
v1.6.0rc02
v1.6.0rc03
v1.6.0rc04
v1.6.0rc05
v1.6.0rc06
v1.6.0rc07
v1.6.0rc08
v1.6.1
v1.6.10
v1.6.10beta01
v1.6.10beta02
v1.6.10rc01
v1.6.10rc02
v1.6.10rc03
v1.6.11
v1.6.11beta01
v1.6.11beta02
v1.6.11beta03
v1.6.11beta04
v1.6.11beta05
v1.6.11beta06
v1.6.11rc01
v1.6.11rc02
v1.6.12
v1.6.12rc01
v1.6.12rc02
v1.6.12rc03
v1.6.13
v1.6.13beta01
v1.6.13beta02
v1.6.13beta03
v1.6.13beta04
v1.6.13rc01
v1.6.14
v1.6.14beta01
v1.6.14beta02
v1.6.14beta03
v1.6.14beta04
v1.6.14beta05
v1.6.14beta06
v1.6.14beta07
v1.6.14rc01
v1.6.14rc02
v1.6.15
v1.6.15beta01
v1.6.15beta02
v1.6.15beta03
v1.6.15beta04
v1.6.15beta05
v1.6.15beta06
v1.6.15beta07
v1.6.15beta08
v1.6.15rc01
v1.6.15rc02
v1.6.15rc03
v1.6.16
v1.6.16beta01
v1.6.16beta02
v1.6.16beta03
v1.6.16rc01
v1.6.16rc02
v1.6.16rc03
v1.6.17
v1.6.17beta01
v1.6.17beta02
v1.6.17beta03
v1.6.17beta04
v1.6.17beta05
v1.6.17rc01
v1.6.17rc02
v1.6.17rc03
v1.6.17rc04
v1.6.17rc05
v1.6.17rc06
v1.6.18
v1.6.18beta01
v1.6.18beta02
v1.6.18beta03
v1.6.18beta04
v1.6.18beta05
v1.6.18beta06
v1.6.18beta07
v1.6.18beta08
v1.6.18beta09
v1.6.18rc01
v1.6.18rc02
v1.6.18rc03
v1.6.19
v1.6.19beta01
v1.6.19beta02
v1.6.19beta03
v1.6.19beta04
v1.6.19rc01
v1.6.19rc02
v1.6.19rc03
v1.6.19rc04
v1.6.1beta01
v1.6.1beta02
v1.6.1beta03
v1.6.1beta04
v1.6.1beta05
v1.6.1beta06
v1.6.1beta07
v1.6.1beta08
v1.6.1beta09
v1.6.1rc01
v1.6.2
v1.6.20beta01
v1.6.20beta02
v1.6.20beta03
v1.6.20rc01
v1.6.20rc02
v1.6.21
v1.6.21beta01
v1.6.21beta02
v1.6.21beta03
v1.6.21rc01
v1.6.21rc02
v1.6.22
v1.6.22beta01
v1.6.22beta02
v1.6.22beta05
v1.6.22beta06
v1.6.22rc01
v1.6.22rc02
v1.6.22rc03
v1.6.23
v1.6.23beta01
v1.6.23rc01
v1.6.23rc02
v1.6.24
v1.6.24beta02
v1.6.24beta03
v1.6.24beta04
v1.6.24beta05
v1.6.24beta06
v1.6.24rc01
v1.6.24rc02
v1.6.24rc03
v1.6.25
v1.6.25beta02
v1.6.25rc04
v1.6.26
v1.6.26beta01
v1.6.26beta02
v1.6.26beta03
v1.6.26beta04
v1.6.26beta05
v1.6.26beta06
v1.6.26rc01
v1.6.27beta01
v1.6.29
v1.6.29beta02
v1.6.29beta03
v1.6.29rc01
v1.6.2beta01
v1.6.2beta02
v1.6.2rc01
v1.6.2rc02
v1.6.2rc03
v1.6.2rc04
v1.6.2rc05
v1.6.2rc06
v1.6.3
v1.6.30
v1.6.30beta01
v1.6.30beta02
v1.6.30beta03
v1.6.30beta04
v1.6.30rc01
v1.6.31
v1.6.31beta01
v1.6.31beta02
v1.6.31beta03
v1.6.31beta04
v1.6.31beta05
v1.6.31beta06
v1.6.31beta07
v1.6.31rc01
v1.6.31rc02
v1.6.32
v1.6.32beta01
v1.6.32beta02
v1.6.32beta03
v1.6.32beta05
v1.6.32beta06
v1.6.32beta07
v1.6.32beta08
v1.6.32beta09
v1.6.32beta10
v1.6.32beta11
v1.6.32rc01
v1.6.32rc02
v1.6.33
v1.6.33beta01
v1.6.33beta02
v1.6.33beta03
v1.6.33rc01
v1.6.33rc02
v1.6.34
v1.6.35
v1.6.35beta01
v1.6.36
v1.6.37
v1.6.38
v1.6.39
v1.6.3beta01
v1.6.3beta02
v1.6.3beta03
v1.6.3beta04
v1.6.3beta05
v1.6.3beta06
v1.6.3beta07
v1.6.3beta08
v1.6.3beta09
v1.6.3beta10
v1.6.3rc01
v1.6.4
v1.6.40
v1.6.41
v1.6.42
v1.6.43
v1.6.44
v1.6.45
v1.6.46
v1.6.47
v1.6.48
v1.6.49
v1.6.4beta02
v1.6.4rc01
v1.6.5
v1.6.50
v1.6.51
v1.6.52
v1.6.53
v1.6.54
v1.6.55
v1.6.6
v1.6.7
v1.6.7beta01
v1.6.7beta02
v1.6.7beta03
v1.6.7beta04
v1.6.7rc01
v1.6.7rc02
v1.6.8
v1.6.8beta01
v1.6.8beta02
v1.6.8rc02
v1.6.9
v1.6.9beta01
v1.6.9beta02
v1.6.9beta03
v1.6.9rc01
v1.6.9rc02

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-33416.json"