{
  "document": {
    "aggregate_severity": {
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "CVE-2026-34757: Use snapshot-before-free and defer-free patterns to prevent a use-after-free when a caller passes a pointer obtained from png_get_PLTE, png_get_tRNS, png_get_hIST, png_get_text, png_get_sPLT, or png_get_unknown_chunks back into the corresponding setter (upstream libpng issues 836 and 837).",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779129500",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779129500"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1779129500.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-05-18T18:38:52Z",
      "generator": {
        "date": "2026-05-18T18:38:52Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1779129500",
      "initial_release_date": "2026-05-18T18:38:52Z",
      "revision_history": [
        {
          "date": "2026-05-18T18:38:52Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "libpng15: Fix of CVE-2026-34757"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng15-0:1.5.30-14.el9.tuxcare.els3.i686",
                "product": {
                  "name": "libpng15-0:1.5.30-14.el9.tuxcare.els3.i686",
                  "product_id": "libpng15-0:1.5.30-14.el9.tuxcare.els3.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libpng15@1.5.30-14.el9.tuxcare.els3?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng15-0:1.5.30-14.el9.tuxcare.els2.i686",
                "product": {
                  "name": "libpng15-0:1.5.30-14.el9.tuxcare.els2.i686",
                  "product_id": "libpng15-0:1.5.30-14.el9.tuxcare.els2.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libpng15@1.5.30-14.el9.tuxcare.els2?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng15-0:1.5.30-14.el9.tuxcare.els1.i686",
                "product": {
                  "name": "libpng15-0:1.5.30-14.el9.tuxcare.els1.i686",
                  "product_id": "libpng15-0:1.5.30-14.el9.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libpng15@1.5.30-14.el9.tuxcare.els1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64",
                "product": {
                  "name": "libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64",
                  "product_id": "libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libpng15@1.5.30-14.el9.tuxcare.els3?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng15-0:1.5.30-14.el9.tuxcare.els2.x86_64",
                "product": {
                  "name": "libpng15-0:1.5.30-14.el9.tuxcare.els2.x86_64",
                  "product_id": "libpng15-0:1.5.30-14.el9.tuxcare.els2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libpng15@1.5.30-14.el9.tuxcare.els2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libpng15-0:1.5.30-14.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "libpng15-0:1.5.30-14.el9.tuxcare.els1.x86_64",
                  "product_id": "libpng15-0:1.5.30-14.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libpng15@1.5.30-14.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-0:1.5.30-14.el9.tuxcare.els3.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els3.i686"
        },
        "product_reference": "libpng15-0:1.5.30-14.el9.tuxcare.els3.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64"
        },
        "product_reference": "libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-0:1.5.30-14.el9.tuxcare.els2.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els2.i686"
        },
        "product_reference": "libpng15-0:1.5.30-14.el9.tuxcare.els2.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-0:1.5.30-14.el9.tuxcare.els2.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els2.x86_64"
        },
        "product_reference": "libpng15-0:1.5.30-14.el9.tuxcare.els2.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-0:1.5.30-14.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els1.i686"
        },
        "product_reference": "libpng15-0:1.5.30-14.el9.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpng15-0:1.5.30-14.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "libpng15-0:1.5.30-14.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-34757",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability describe the severity of the vulnerability itself and do not reflect whether the associated product is affected or fixed; they are included for informational purposes only.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els3.i686",
          "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64"
        ],
        "known_affected": [
          "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els1.i686",
          "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els2.i686",
          "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-34757"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a",
          "url": "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc",
          "url": "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/issues/836",
          "url": "https://github.com/pnggroup/libpng/issues/836"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/issues/837",
          "url": "https://github.com/pnggroup/libpng/issues/837"
        },
        {
          "category": "external",
          "summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645",
          "url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html",
          "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html"
        }
      ],
      "release_date": "2026-04-09T15:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T18:38:22.667691Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1779129500",
          "product_ids": [
            "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els3.i686",
            "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1779129500"
        },
        {
          "category": "none_available",
          "date": "2026-04-09T15:16:00Z",
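          "details": "Affected: this build does not include the fix for CVE-2026-34757. Update to one of the builds listed as fixed in this advisory.",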
          "product_ids": [
            "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els1.i686",
            "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els2.i686",
            "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els3.i686",
            "AlmaLinux-9.2:libpng15-0:1.5.30-14.el9.tuxcare.els3.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}