MEDIUM
pnggroup
CVE published 2026-06-04
CVE-2026-40930
A vulnerability was discovered in LIBPNG 1.8.0, a reference library for processing PNG raster image files. The issue lies in the push-mode APNG parser, where three inter-frame chunk discard paths clear the chunk-header flag without consuming the chunk body and CRC. This allows attacker-controlled bytes inside an ignored ancillary chunk to be reinterpreted as a fresh chunk header on the next call to `png_p [truncated]