CVE-2026-34757

medium

Red Hat

CVSS v3 Base Score

4.4

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

Low

Integrity

Low

Availability

None

Published: April 9, 2026 (35 days ago)

Last Modified: April 9, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in libpng, a library used for handling PNG (Portable Network Graphics) image files. This vulnerability arises when an application reuses a pointer, previously obtained from functions like png_get_PLTE, by passing it back to a corresponding setter function within the same image structure. This action causes the setter to access memory that has already been deallocated, leading to a use-after-free condition. A local attacker could potentially exploit this flaw to corrupt image metadata or disclose sensitive information from the application's memory.

CWE

CWE-825

Affected Products

Red Hat build of OpenJDK 11 ELSRed Hat build of OpenJDK 17Red Hat build of OpenJDK 1.8Red Hat build of OpenJDK 21Red Hat build of OpenJDK 25Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-34757

Vulnerability Report

Description

CWE

Affected Products

References