PUBLIC MIRROR A read-only public view of Anvil. Only publicly-disclosed findings are shown; the Playbook, techniques, sessions and embargoed research are hidden.

← Findings

LIBPNG-0004

low confirmed

Pull-vs-push APNG decode divergence (CVE-2026-40930 class parser differential)

🔒 Pending public disclosure

Full technical details — the precise location, reproduction, proof-of-concept and the write-up — are withheld until this finding is publicly disclosed in coordination with the upstream maintainers. The classification below is published; the rest will appear here once the advisory is live.

Classification

Targetlibpng
AreaProgressive/push reader
Vuln classlogic
Severitylow
Statusconfirmed
Discovered2026-06-13