SUSE-SU-2026:1702-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-20261702-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1702-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:1702-1
Upstream
  • CVE-2026-34757
Related
Published
2026-05-06T07:42:57Z
Modified
2026-05-07T08:45:20.365214Z
Summary
Security update for libpng12
Details

This update for libpng12 fixes the following issues:

Update to version 1.2.59 (jsc#PED-16191).

  • CVE-2026-33416: use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE can lead to arbitrary code execution (bsc#1260754).
  • CVE-2026-34757: use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST can lead to corrupted chunk data and potential heap information disclosure (bsc#1261957).
References

Affected packages