Perceptive Security
SOC/SIEM Consultancy

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 th…
Published:
25 March 2026 at 23:00:00
Alert date:
26 March 2026 at 18:03:17
Source:
nvd.nist.gov
Supply Chain & Dependencies, Web Technologies
CVE-2026-33416 affects LIBPNG versions 1.2.1 through 1.6.55: a use-after-free in the png_set_tRNS and png_set_PLTE functions. The issue stems from heap buffer aliasing between the png_struct and png_info structures, which have independent lifetimes. When png_free_data is called, it frees the buffers through info_ptr while leaving the corresponding png_ptr pointers dangling. Subsequent row-transform functions then dereference, and potentially write to, the freed memory, creating a serious security vulnerability. The trans_alpha aliasing affects a 256-byte buffer, and the palette aliasing a 768-byte buffer. Version 1.6.56 resolves this critical memory management issue.
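The aliasing-with-independent-lifetimes pattern the summary describes, reduced to a constructed C model (added here, not libpng's code): `model_info`, `model_png`, `set_palette_aliased`, `set_palette_copied`, `free_info_data` and `run_model` are hypothetical stand-ins, the vulnerable variant leaves the png-side pointer dangling once the info-side buffer is freed, and the hardened variant gives each struct its own copy. The check only compares addresses and never reads freed memory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PALETTE_BYTES 768 /* 256 RGB entries; the size quoted in the advisory */
/* Constructed stand-ins for png_info and png_struct: each has its own lifetime. */
typedef struct { uint8_t *palette; } model_info;
typedef struct { const uint8_t *palette; } model_png;

/* Vulnerable pattern: the png-side struct points into the info-owned buffer. */
static void set_palette_aliased(model_png *png, model_info *info, const uint8_t *src) {
    info->palette = malloc(PALETTE_BYTES);
    memcpy(info->palette, src, PALETTE_BYTES);
    png->palette = info->palette; /* one heap buffer, two owners */
}

/* Hardened pattern: the png-side struct gets its own copy, so freeing the
 * info-owned buffer cannot leave png->palette dangling. */
static void set_palette_copied(model_png *png, model_info *info, const uint8_t *src) {
    uint8_t *own = malloc(PALETTE_BYTES);
    info->palette = malloc(PALETTE_BYTES);
    memcpy(info->palette, src, PALETTE_BYTES);
    memcpy(own, src, PALETTE_BYTES);
    png->palette = own;
}

/* Stand-in for png_free_data releasing only the info-owned buffer. */
static void free_info_data(model_info *info) { free(info->palette); info->palette = NULL; }

/* Runs the model once. Returns 1 if the png-side pointer dangles after the
 * info buffer is freed (a later row transform would touch freed memory),
 * 0 if the png side still owns intact data. Freed memory is never dereferenced. */
int run_model(bool hardened) {
    uint8_t src[PALETTE_BYTES];
    model_info info = {0}; model_png png = {0};
    uintptr_t freed; int dangles, i;
    for (i = 0; i < PALETTE_BYTES; i++) src[i] = (uint8_t)i; /* constructed sample palette */
    if (hardened) set_palette_copied(&png, &info, src);
    else set_palette_aliased(&png, &info, src);
    freed = (uintptr_t)info.palette; /* record the address before it is freed */
    free_info_data(&info);
    dangles = ((uintptr_t)png.palette == freed);
    if (!dangles) { /* safe to read: png owns a live copy of its own */
        dangles = memcmp(png.palette, src, PALETTE_BYTES) != 0;
        free((void *)png.palette);
    }
    return dangles;
}
```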
Technical details
Mitigation steps:
Affected products:
LIBPNG
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33416
https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb
https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667
https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25
https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1
https://github.com/pnggroup/libpng/pull/824
https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
