{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"MEDIUM" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"['Hello, everyone,\\n\\nThis is an out-of-band notice. Unlike previous libpng announcements,\\nthis one doesn\\'t coincide with a libpng release, and the disclosure\\ncadence differs from the usual coordinated pattern:\\n\\n- The fix landed on the libpng18 development branch (commit\\n faf0692468) approximately one month before this announcement.\\n libpng 1.8.0 is in late beta with no tagged release yet, so\\n there is no upstream release version with which to align the\\n disclosure. Downstream consumers building directly from the\\n libpng18 branch have had the fix available since it landed.\\n- The vulnerable code originates in the third-party libpng-apng\\n patch, which is not under upstream libpng control. The patch\\n is applied downstream by Firefox and Thunderbird, as well as\\n several Linux distributions (Gentoo and LFS/BLFS among others).\\n The libpng-apng maintainer, Daisuke Nishikawa, has since released\\n fixed revisions (libpng-1.6.57-apng.patch v2 and\\n libpng-1.6.58-apng.patch); downstream consumers should either\\n update to those (verifying that both upstream commits are\\n included), or backport the upstream commits themselves (see\\n \"Related fix\" below).\\n\\n=== CVE-2026-40930 ===\\n\\nChunk smuggling in the push-mode APNG parser via unconsumed\\nchunk body\\n\\nSecurity advisory:', 'Fix on libpng18:', \"CVSS 3.1: 5.4 (Medium); CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\\nCWE: CWE-436 (Interpretation Conflict)\\nAffected (upstream): libpng 1.8.0 development branch (libpng18)\\nAffected (downstream): libpng-1.6.49-apng.patch through\\n libpng-1.6.57-apng.patch (original v1) on SourceForge\\nNot affected: upstream libpng 1.6.x releases (no APNG support)\\nFixed (upstream): libpng18 at commit faf0692468\\nFixed (downstream): libpng-1.6.57-apng.patch v2 and\\n libpng-1.6.58-apng.patch on SourceForge, released by the\\n libpng-apng maintainer\\nBuild-time mitigation: building libpng 1.8 with APNG disabled\\n (i.e., without PNG_APNG_SUPPORTED), or building libpng 1.6\\n without the libpng-apng patch, removes the vulnerable code.\\n No runtime workaround exists for push-mode applications.\\n\\nThree inter-frame chunk discard paths in the push-mode APNG parser\\nclear the chunk-header flag without consuming the chunk body and\\nCRC, allowing attacker-controlled bytes inside a discarded chunk\\nto be reinterpreted as a fresh chunk header on the next call to\\npng_process_data.\\n\\nImpact depends on the application's CRC handling:\\n\\n- Default configuration: libpng calls png_error on the resulting\\n CRC mismatch or APNG sequence-number violation, and the image\\n fails to load. Impact is denial of service.\\n- Relaxed configuration (png_set_crc_action with PNG_CRC_QUIET_USE\\n or PNG_CRC_WARN_USE): smuggled bytes reach the APNG sequence\\n counter and the zlib decompressor, and are decoded as frame\\n pixel data. No code execution: zlib output writes into a\\n pre-allocated row buffer. A crafted fake length exceeding the\\n carrier chunk body causes cascading desynchronization beyond\\n the carrier.\\n\\nSequential-mode reading (png_read_info / png_read_row /\\npng_read_end) is not affected. Only push-mode (png_process_data)\\nis vulnerable, and the Gecko-based browsers (for example) use it.\\n\\n=== Related fix ===\\n\\nA sibling defect in the same push-mode fdAT path was reported\\nseparately in GitHub issue pnggroup/libpng#854 and fixed on the\\nlibpng18 branch in commit 9ec49c2d56. It is distinct from\\nCVE-2026-40930 and is not covered by the advisory above.\\nDownstream consumers of libpng-apng should apply both commits to\\nfully remediate the push-mode fdAT path. Those updating to the\\nfixed libpng-apng revisions instead should verify that both commits\\nare included; otherwise, 9ec49c2d56 must be backported separately.\\n\\nRelated fix on libpng18:\", 'Credits:\\n- Seung Min Shin (CVE-2026-40930 discovery)\\n- Ryo Shimada (GitHub issue pnggroup/libpng#854)\\n\\n---\\nCosmin Truta\\nlibpng maintainer']", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40930" }, { "summary":"CVE-2026-40930 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2026/csaf-openeuler-cve-2026-40930.json" }, { "summary":"openEuler-SA-2026-2535", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2535" }, { "summary":"CVE-2026-40930", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40930&packageName=libpng" } ], "title":"openEuler cve CVE-2026-40930", "tracking":{ "initial_release_date":"2026-06-03T14:55:43+08:00", "revision_history":[ { "date":"2026-06-03T14:55:43+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-06-03T14:55:43+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-06-03T14:55:43+08:00", "id":"CVE-2026-40930", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-1.6.40-12.oe2403sp3.aarch64.rpm", "name":"libpng-1.6.40-12.oe2403sp3.aarch64.rpm" }, "name":"libpng-1.6.40-12.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64.rpm", "name":"libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64.rpm" }, "name":"libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-debugsource-1.6.40-12.oe2403sp3.aarch64.rpm", "name":"libpng-debugsource-1.6.40-12.oe2403sp3.aarch64.rpm" }, "name":"libpng-debugsource-1.6.40-12.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-devel-1.6.40-12.oe2403sp3.aarch64.rpm", "name":"libpng-devel-1.6.40-12.oe2403sp3.aarch64.rpm" }, "name":"libpng-devel-1.6.40-12.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-static-1.6.40-12.oe2403sp3.aarch64.rpm", "name":"libpng-static-1.6.40-12.oe2403sp3.aarch64.rpm" }, "name":"libpng-static-1.6.40-12.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-tools-1.6.40-12.oe2403sp3.aarch64.rpm", "name":"libpng-tools-1.6.40-12.oe2403sp3.aarch64.rpm" }, "name":"libpng-tools-1.6.40-12.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-1.6.40-12.oe2403sp3.src.rpm", "name":"libpng-1.6.40-12.oe2403sp3.src.rpm" }, "name":"libpng-1.6.40-12.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-1.6.40-12.oe2403sp3.x86_64.rpm", "name":"libpng-1.6.40-12.oe2403sp3.x86_64.rpm" }, "name":"libpng-1.6.40-12.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64.rpm", "name":"libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64.rpm" }, "name":"libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-debugsource-1.6.40-12.oe2403sp3.x86_64.rpm", "name":"libpng-debugsource-1.6.40-12.oe2403sp3.x86_64.rpm" }, "name":"libpng-debugsource-1.6.40-12.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-devel-1.6.40-12.oe2403sp3.x86_64.rpm", "name":"libpng-devel-1.6.40-12.oe2403sp3.x86_64.rpm" }, "name":"libpng-devel-1.6.40-12.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-static-1.6.40-12.oe2403sp3.x86_64.rpm", "name":"libpng-static-1.6.40-12.oe2403sp3.x86_64.rpm" }, "name":"libpng-static-1.6.40-12.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-tools-1.6.40-12.oe2403sp3.x86_64.rpm", "name":"libpng-tools-1.6.40-12.oe2403sp3.x86_64.rpm" }, "name":"libpng-tools-1.6.40-12.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libpng-help-1.6.40-12.oe2403sp3.noarch.rpm", "name":"libpng-help-1.6.40-12.oe2403sp3.noarch.rpm" }, "name":"libpng-help-1.6.40-12.oe2403sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-1.6.40-12.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.aarch64", "name":"libpng-1.6.40-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64", "name":"libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-debugsource-1.6.40-12.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-debugsource-1.6.40-12.oe2403sp3.aarch64", "name":"libpng-debugsource-1.6.40-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-devel-1.6.40-12.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-devel-1.6.40-12.oe2403sp3.aarch64", "name":"libpng-devel-1.6.40-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-static-1.6.40-12.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-static-1.6.40-12.oe2403sp3.aarch64", "name":"libpng-static-1.6.40-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-tools-1.6.40-12.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-tools-1.6.40-12.oe2403sp3.aarch64", "name":"libpng-tools-1.6.40-12.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-1.6.40-12.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.src", "name":"libpng-1.6.40-12.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-1.6.40-12.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.x86_64", "name":"libpng-1.6.40-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64", "name":"libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-debugsource-1.6.40-12.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-debugsource-1.6.40-12.oe2403sp3.x86_64", "name":"libpng-debugsource-1.6.40-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-devel-1.6.40-12.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-devel-1.6.40-12.oe2403sp3.x86_64", "name":"libpng-devel-1.6.40-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-static-1.6.40-12.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-static-1.6.40-12.oe2403sp3.x86_64", "name":"libpng-static-1.6.40-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-tools-1.6.40-12.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-tools-1.6.40-12.oe2403sp3.x86_64", "name":"libpng-tools-1.6.40-12.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libpng-help-1.6.40-12.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libpng-help-1.6.40-12.oe2403sp3.noarch", "name":"libpng-help-1.6.40-12.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-40930", "notes":[ { "text":"['Hello, everyone,\\n\\nThis is an out-of-band notice. Unlike previous libpng announcements,\\nthis one doesn\\'t coincide with a libpng release, and the disclosure\\ncadence differs from the usual coordinated pattern:\\n\\n- The fix landed on the libpng18 development branch (commit\\n faf0692468) approximately one month before this announcement.\\n libpng 1.8.0 is in late beta with no tagged release yet, so\\n there is no upstream release version with which to align the\\n disclosure. Downstream consumers building directly from the\\n libpng18 branch have had the fix available since it landed.\\n- The vulnerable code originates in the third-party libpng-apng\\n patch, which is not under upstream libpng control. The patch\\n is applied downstream by Firefox and Thunderbird, as well as\\n several Linux distributions (Gentoo and LFS/BLFS among others).\\n The libpng-apng maintainer, Daisuke Nishikawa, has since released\\n fixed revisions (libpng-1.6.57-apng.patch v2 and\\n libpng-1.6.58-apng.patch); downstream consumers should either\\n update to those (verifying that both upstream commits are\\n included), or backport the upstream commits themselves (see\\n \"Related fix\" below).\\n\\n=== CVE-2026-40930 ===\\n\\nChunk smuggling in the push-mode APNG parser via unconsumed\\nchunk body\\n\\nSecurity advisory:', 'Fix on libpng18:', \"CVSS 3.1: 5.4 (Medium); CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L\\nCWE: CWE-436 (Interpretation Conflict)\\nAffected (upstream): libpng 1.8.0 development branch (libpng18)\\nAffected (downstream): libpng-1.6.49-apng.patch through\\n libpng-1.6.57-apng.patch (original v1) on SourceForge\\nNot affected: upstream libpng 1.6.x releases (no APNG support)\\nFixed (upstream): libpng18 at commit faf0692468\\nFixed (downstream): libpng-1.6.57-apng.patch v2 and\\n libpng-1.6.58-apng.patch on SourceForge, released by the\\n libpng-apng maintainer\\nBuild-time mitigation: building libpng 1.8 with APNG disabled\\n (i.e., without PNG_APNG_SUPPORTED), or building libpng 1.6\\n without the libpng-apng patch, removes the vulnerable code.\\n No runtime workaround exists for push-mode applications.\\n\\nThree inter-frame chunk discard paths in the push-mode APNG parser\\nclear the chunk-header flag without consuming the chunk body and\\nCRC, allowing attacker-controlled bytes inside a discarded chunk\\nto be reinterpreted as a fresh chunk header on the next call to\\npng_process_data.\\n\\nImpact depends on the application's CRC handling:\\n\\n- Default configuration: libpng calls png_error on the resulting\\n CRC mismatch or APNG sequence-number violation, and the image\\n fails to load. Impact is denial of service.\\n- Relaxed configuration (png_set_crc_action with PNG_CRC_QUIET_USE\\n or PNG_CRC_WARN_USE): smuggled bytes reach the APNG sequence\\n counter and the zlib decompressor, and are decoded as frame\\n pixel data. No code execution: zlib output writes into a\\n pre-allocated row buffer. A crafted fake length exceeding the\\n carrier chunk body causes cascading desynchronization beyond\\n the carrier.\\n\\nSequential-mode reading (png_read_info / png_read_row /\\npng_read_end) is not affected. Only push-mode (png_process_data)\\nis vulnerable, and the Gecko-based browsers (for example) use it.\\n\\n=== Related fix ===\\n\\nA sibling defect in the same push-mode fdAT path was reported\\nseparately in GitHub issue pnggroup/libpng#854 and fixed on the\\nlibpng18 branch in commit 9ec49c2d56. It is distinct from\\nCVE-2026-40930 and is not covered by the advisory above.\\nDownstream consumers of libpng-apng should apply both commits to\\nfully remediate the push-mode fdAT path. Those updating to the\\nfixed libpng-apng revisions instead should verify that both commits\\nare included; otherwise, 9ec49c2d56 must be backported separately.\\n\\nRelated fix on libpng18:\", 'Credits:\\n- Seung Min Shin (CVE-2026-40930 discovery)\\n- Ryo Shimada (GitHub issue pnggroup/libpng#854)\\n\\n---\\nCosmin Truta\\nlibpng maintainer']", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-debugsource-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-devel-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-static-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-tools-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-debugsource-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-devel-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-static-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-tools-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-help-1.6.40-12.oe2403sp3.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-debugsource-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-devel-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-static-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-tools-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-debugsource-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-devel-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-static-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-tools-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-help-1.6.40-12.oe2403sp3.noarch" ], "details":"libpng security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2535" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.4, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-debuginfo-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-debugsource-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-devel-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-static-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-tools-1.6.40-12.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libpng-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-debuginfo-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-debugsource-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-devel-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-static-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-tools-1.6.40-12.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libpng-help-1.6.40-12.oe2403sp3.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-40930" } ] }