CVE-2026-3713

medium

Red Hat

CVSS v3 Base Score

5.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Published: March 8, 2026

Last Modified: March 8, 2026

Vendor: Red Hat

Description

A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE

CWE-131

Affected Products

Red Hat build of OpenJDK 11 ELSRed Hat build of OpenJDK 17Red Hat build of OpenJDK 1.8Red Hat build of OpenJDK 21Red Hat build of OpenJDK 25Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2026-3713

Vulnerability Report

Description

CWE

Affected Products

References