Advisories » MGASA-2026-0070

Updated libpng packages fix security vulnerabilities

Publication date: 28 Mar 2026
Modification date: 28 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-33416 , CVE-2026-33636

Description

Use-after-free via pointer aliasing in png_set_tRNS and png_set_PLTE.
(CVE-2026-33416)
Out-of-bounds read/write in the palette expansion on ARM Neon.
(CVE-2026-33636)

References

SRPMS

9/core

libpng-1.6.38-1.5.mga9