Release date:
2026-05-18 18:10:01 UTC
Description:
- CVE-2026-34757: Use snapshot-before-free and defer-free patterns to prevent use-after-free when a caller passes a pointer obtained from png_get_PLTE, png_get_tRNS, png_get_hIST, png_get_text, png_get_sPLT, or png_get_unknown_chunks back into the corresponding setter (issues 836 and 837)
Updated packages:
-
libpng15-1.5.30-14.el9.tuxcare.els3.i686.rpm
sha:7bb5791b925cff00cf8c9bff2283cccb483efe9302eb21eb41a6847151c54dca
-
libpng15-1.5.30-14.el9.tuxcare.els3.x86_64.rpm
sha:5a6971688a3dc6ad13b663bda30d6e6208f281d4b497471ff45fb69c7879e3b4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
