By weakness (CWE)
CWE-436: related vulnerabilities
CVEs classified under CWE-436. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-40930MEDIUM 5.4
A parsing flaw in libpng 1.8.0's APNG (Animated PNG) handler can cause specially crafted image data to be misinterpreted. When the parser encounters certain frame chunks in an APNG file, it clears internal state flags but fails to skip over the actual chunk data and checksum. On the next data processing call, bytes from the ignored chunk can masquerade as a new chunk header, potentially leading to integrity violations or denial of service. An attacker needs user interaction—typically opening a malicious PNG file—to trigger the issue.