{"id":"SUSE-SU-2026:1602-1","summary":"Security update for libpng16","details":"This update for libpng16 fixes the following issue:\n\n- CVE-2026-34757: information disclosure and data corruption due to use-after-free in `png_set_PLTE`, `png_set_tRNS`\n  and `png_set_hIST` (bsc#1261957).\n","modified":"2026-04-25T07:45:49.997944Z","published":"2026-04-24T11:46:29Z","related":["CVE-2026-34757"],"upstream":["CVE-2026-34757"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20261602-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1261957"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-34757"}],"affected":[{"package":{"name":"libpng16","ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","purl":"pkg:rpm/suse/libpng16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.40-150600.3.20.1"}]}],"ecosystem_specific":{"binaries":[{"libpng16-compat-devel":"1.6.40-150600.3.20.1","libpng16-16-32bit":"1.6.40-150600.3.20.1","libpng16-devel":"1.6.40-150600.3.20.1","libpng16-16":"1.6.40-150600.3.20.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1602-1.json"}}],"schema_version":"1.7.5"}