Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-33416 (GCVE-0-2026-33416)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:48 – Updated: 2026-04-01 03:55- CWE-416 - Use After Free
| URL | Tags |
|---|---|
| https://github.com/pnggroup/libpng/security/advis… | x_refsource_CONFIRM |
| https://github.com/pnggroup/libpng/pull/824 | x_refsource_MISC |
| https://github.com/pnggroup/libpng/commit/2301926… | x_refsource_MISC |
| https://github.com/pnggroup/libpng/commit/7ea9eea… | x_refsource_MISC |
| https://github.com/pnggroup/libpng/commit/a3a2144… | x_refsource_MISC |
| https://github.com/pnggroup/libpng/commit/c1b0318… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T03:55:17.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.1, \u003c 1.6.56"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:48:54.174Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
},
{
"name": "https://github.com/pnggroup/libpng/pull/824",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"name": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"name": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"name": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"name": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
}
],
"source": {
"advisory": "GHSA-m4pc-p4q3-4c7j",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33416",
"datePublished": "2026-03-26T16:48:54.174Z",
"dateReserved": "2026-03-19T17:02:34.172Z",
"dateUpdated": "2026-04-01T03:55:17.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33416",
"date": "2026-07-03",
"epss": "0.01052",
"percentile": "0.60174"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33416\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-26T17:16:38.443\",\"lastModified\":\"2026-06-17T10:37:27.583\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.\"},{\"lang\":\"es\",\"value\":\"LIBPNG es una biblioteca de referencia para su uso en aplicaciones que leen, crean y manipulan archivos de imagen r\u00e1ster PNG (Portable Network Graphics). En las versiones 1.2.1 a 1.6.55, \u0027png_set_tRNS\u0027 y \u0027png_set_PLTE\u0027 cada una aliasan un b\u00fafer asignado en el heap entre \u0027png_struct\u0027 y \u0027png_info\u0027, compartiendo una \u00fanica asignaci\u00f3n entre dos estructuras con vidas \u00fatiles independientes. El aliasing de \u0027trans_alpha\u0027 ha estado presente desde al menos libpng 1.0, y el aliasing de \u0027palette\u0027 desde al menos 1.2.1. Ambos afectan a todas las l\u00edneas de versiones anteriores: \u0027png_set_tRNS\u0027 establece \u0027png_ptr-\u0026gt;trans_alpha = info_ptr-\u0026gt;trans_alpha\u0027 (b\u00fafer de 256 bytes) y \u0027png_set_PLTE\u0027 establece \u0027info_ptr-\u0026gt;palette = png_ptr-\u0026gt;palette\u0027 (b\u00fafer de 768 bytes). En ambos casos, llamar a \u0027png_free_data\u0027 (con \u0027PNG_FREE_TRNS\u0027 o \u0027PNG_FREE_PLTE\u0027) libera el b\u00fafer a trav\u00e9s de \u0027info_ptr\u0027 mientras que el puntero \u0027png_ptr\u0027 correspondiente permanece colgante. Las funciones de transformaci\u00f3n de fila subsiguientes desreferencian y, en algunas rutas de c\u00f3digo, escriben en la memoria liberada. Una segunda llamada a \u0027png_set_tRNS\u0027 o \u0027png_set_PLTE\u0027 tiene el mismo efecto, porque ambas funciones llaman internamente a \u0027png_free_data\u0027 antes de reasignar el b\u00fafer de \u0027info_ptr\u0027. La versi\u00f3n 1.6.56 corrige el problema.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"pnggroup\",\"product\":\"libpng\",\"versions\":[{\"version\":\"\u003e= 1.2.1, \u003c 1.6.56\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-31T00:00:00+00:00\",\"id\":\"CVE-2026-33416\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2.1\",\"versionEndExcluding\":\"1.6.56\",\"matchCriteriaId\":\"C54F2804-F7D5-4BC5-B39A-44300C6A6F98\"}]}]}],\"references\":[{\"url\":\"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/pull/824\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33416\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-26T19:49:05.196519Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-26T19:50:41.189Z\"}}], \"cna\": {\"title\": \"LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`\", \"source\": {\"advisory\": \"GHSA-m4pc-p4q3-4c7j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"pnggroup\", \"product\": \"libpng\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.2.1, \u003c 1.6.56\"}]}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j\", \"name\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pnggroup/libpng/pull/824\", \"name\": \"https://github.com/pnggroup/libpng/pull/824\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb\", \"name\": \"https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667\", \"name\": \"https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25\", \"name\": \"https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1\", \"name\": \"https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416: Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-26T16:48:54.174Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33416\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-01T03:55:17.603Z\", \"dateReserved\": \"2026-03-19T17:02:34.172Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-26T16:48:54.174Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:29898
Vulnerability from csaf_redhat - Published: 2026-06-25 11:28 - Updated: 2026-06-30 02:09A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29898",
"url": "https://access.redhat.com/errata/RHSA-2026:29898"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29898.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-06-30T02:09:48+00:00",
"generator": {
"date": "2026-06-30T02:09:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:29898",
"initial_release_date": "2026-06-25T11:28:35+00:00",
"revision_history": [
{
"date": "2026-06-25T11:28:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T11:28:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T02:09:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-11.el8_10.src",
"product": {
"name": "libpng-2:1.6.34-11.el8_10.src",
"product_id": "libpng-2:1.6.34-11.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-11.el8_10?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-11.el8_10.aarch64",
"product": {
"name": "libpng-2:1.6.34-11.el8_10.aarch64",
"product_id": "libpng-2:1.6.34-11.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-11.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-11.el8_10.aarch64",
"product": {
"name": "libpng-devel-2:1.6.34-11.el8_10.aarch64",
"product_id": "libpng-devel-2:1.6.34-11.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-11.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-11.el8_10.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.aarch64",
"product_id": "libpng-debugsource-2:1.6.34-11.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-11.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product_id": "libpng-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-11.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-11.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-11.el8_10?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-11.el8_10.ppc64le",
"product": {
"name": "libpng-2:1.6.34-11.el8_10.ppc64le",
"product_id": "libpng-2:1.6.34-11.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-11.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-11.el8_10.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-11.el8_10.ppc64le",
"product_id": "libpng-devel-2:1.6.34-11.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-11.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-11.el8_10.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-11.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-11.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-11.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-11.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-11.el8_10?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-11.el8_10.i686",
"product": {
"name": "libpng-2:1.6.34-11.el8_10.i686",
"product_id": "libpng-2:1.6.34-11.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-11.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-11.el8_10.i686",
"product": {
"name": "libpng-devel-2:1.6.34-11.el8_10.i686",
"product_id": "libpng-devel-2:1.6.34-11.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-11.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-11.el8_10.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.i686",
"product_id": "libpng-debugsource-2:1.6.34-11.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-11.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.i686",
"product_id": "libpng-debuginfo-2:1.6.34-11.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-11.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-11.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-11.el8_10?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-11.el8_10.x86_64",
"product": {
"name": "libpng-2:1.6.34-11.el8_10.x86_64",
"product_id": "libpng-2:1.6.34-11.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-11.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-11.el8_10.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-11.el8_10.x86_64",
"product_id": "libpng-devel-2:1.6.34-11.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-11.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-11.el8_10.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-11.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-11.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-11.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-11.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-11.el8_10?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-11.el8_10.s390x",
"product": {
"name": "libpng-2:1.6.34-11.el8_10.s390x",
"product_id": "libpng-2:1.6.34-11.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-11.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-11.el8_10.s390x",
"product": {
"name": "libpng-devel-2:1.6.34-11.el8_10.s390x",
"product_id": "libpng-devel-2:1.6.34-11.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-11.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-11.el8_10.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.s390x",
"product_id": "libpng-debugsource-2:1.6.34-11.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-11.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.s390x",
"product_id": "libpng-debuginfo-2:1.6.34-11.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-11.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-11.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-11.el8_10?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-11.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.aarch64"
},
"product_reference": "libpng-2:1.6.34-11.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-11.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.i686"
},
"product_reference": "libpng-2:1.6.34-11.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-11.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.ppc64le"
},
"product_reference": "libpng-2:1.6.34-11.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-11.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.s390x"
},
"product_reference": "libpng-2:1.6.34-11.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-11.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.src"
},
"product_reference": "libpng-2:1.6.34-11.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-11.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.x86_64"
},
"product_reference": "libpng-2:1.6.34-11.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-11.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-11.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.34-11.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-11.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-11.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.34-11.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-11.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-11.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.34-11.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-11.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-11.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-11.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.aarch64"
},
"product_reference": "libpng-devel-2:1.6.34-11.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-11.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.i686"
},
"product_reference": "libpng-devel-2:1.6.34-11.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-11.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-11.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-11.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.s390x"
},
"product_reference": "libpng-devel-2:1.6.34-11.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-11.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-11.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T11:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29898"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-11.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-11.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
}
]
}
RHSA-2026:29900
Vulnerability from csaf_redhat - Published: 2026-06-25 10:33 - Updated: 2026-06-30 02:09A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29900",
"url": "https://access.redhat.com/errata/RHSA-2026:29900"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29900.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-06-30T02:09:59+00:00",
"generator": {
"date": "2026-06-30T02:09:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:29900",
"initial_release_date": "2026-06-25T10:33:50+00:00",
"revision_history": [
{
"date": "2026-06-25T10:33:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T10:33:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T02:09:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.3.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.3.src",
"product_id": "libpng-2:1.6.34-8.el8_8.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.3?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.3.ppc64le",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.3.ppc64le",
"product_id": "libpng-2:1.6.34-8.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.3.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.3.ppc64le",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.3?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.3?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.3.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.3.i686",
"product_id": "libpng-2:1.6.34-8.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.3.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.3.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.3?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.3.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.3.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.3?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.ppc64le"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.3.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.3.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.3.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.3.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T10:33:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29900"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.3.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
}
]
}
RHSA-2026:29901
Vulnerability from csaf_redhat - Published: 2026-06-25 10:34 - Updated: 2026-06-30 02:10A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29901",
"url": "https://access.redhat.com/errata/RHSA-2026:29901"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29901.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-06-30T02:10:04+00:00",
"generator": {
"date": "2026-06-30T02:10:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:29901",
"initial_release_date": "2026-06-25T10:34:45+00:00",
"revision_history": [
{
"date": "2026-06-25T10:34:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T10:34:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T02:10:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.3.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.3.src",
"product_id": "libpng-2:1.6.34-8.el8_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.3?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.3.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.3.i686",
"product_id": "libpng-2:1.6.34-8.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.3.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.3.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.3?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.3.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.3.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.3?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.3.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.3.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.3.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.3.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T10:34:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29901"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.src",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.i686",
"BaseOS-8.6.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
}
]
}
RHSA-2026:29902
Vulnerability from csaf_redhat - Published: 2026-06-25 10:24 - Updated: 2026-06-30 02:10A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:29902",
"url": "https://access.redhat.com/errata/RHSA-2026:29902"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29902.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-06-30T02:10:04+00:00",
"generator": {
"date": "2026-06-30T02:10:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:29902",
"initial_release_date": "2026-06-25T10:24:45+00:00",
"revision_history": [
{
"date": "2026-06-25T10:24:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T10:24:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T02:10:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.3.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.3.src",
"product_id": "libpng-2:1.6.34-8.el8_4.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.3?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.3.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.3.i686",
"product_id": "libpng-2:1.6.34-8.el8_4.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_4.3.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_4.3.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_4.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.3?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.3?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.3.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.3.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_4.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.3?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.3?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.3.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.3.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.3.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.3.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T10:24:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:29902"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.3.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
}
]
}
RHSA-2026:33313
Vulnerability from csaf_redhat - Published: 2026-06-29 22:05 - Updated: 2026-07-03 07:49A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Workaround
|
A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an unauthenticated attacker can send crafted HTTP requests and cause a heap-based buffer overflow in the worker process, potentially allowing code execution or a denial of service by forcing the process to restart.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33313",
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34459",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-10911",
"url": "https://access.redhat.com/security/cve/CVE-2025-10911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13151",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5278",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-71319",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33416",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33636",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41411",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-8643",
"url": "https://access.redhat.com/security/cve/CVE-2026-8643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9256",
"url": "https://access.redhat.com/security/cve/CVE-2026-9256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33313.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-07-03T07:49:20+00:00",
"generator": {
"date": "2026-07-03T07:49:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33313",
"initial_release_date": "2026-06-29T22:05:31+00:00",
"revision_history": [
{
"date": "2026-06-29T22:05:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T22:05:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T07:49:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1782763840"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Ae9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1782756541"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1782763840"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1782756541"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34459",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects the xmllint program when the `--htmlout\u0027 command line option is used. Additionally, an application is not vulnerable if it does not use or expose the xmllint program.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "RHBZ#2280532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the xmllint program.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c"
},
{
"acknowledgments": [
{
"names": [
"Mohamed Maatallah"
]
}
],
"cve": "CVE-2025-5278",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-05-27T13:50:20.148000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368764"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GNU Coreutils. The sort utility\u0027s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is considered Moderate rather than Critical because successful exploitation requires the use of the traditional key specification syntax with an exceptionally large character position value, which is uncommon in typical usage. Although the vulnerability can lead to a heap buffer overflow resulting in a read one byte before the allocated buffer, it does not enable code execution, privilege escalation, or direct compromise of data confidentiality or integrity. The impact is therefore primarily limited to potential service disruption due to application crashes.\n\nFurthermore, default RHEL configurations such as SELinux enforcement, ASLR, and memory protections reduce the likelihood of exploitation and limit the scope of any resulting impact. These safeguards, along with typical system usage patterns that do not commonly invoke the vulnerable code path, restrict exploitability in default and hardened environments. Consequently, the vulnerability\u2019s overall security impact is mitigated compared to flaws that allow immediate code execution or broader compromise across system components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "RHBZ#2368764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633",
"url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
},
{
"category": "external",
"summary": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507",
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
}
],
"release_date": "2025-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification"
},
{
"cve": "CVE-2025-10911",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-09-24T12:46:50.095000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: use-after-free with key data stored cross-RVT",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-10911"
},
{
"category": "external",
"summary": "RHBZ#2397838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10911"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77"
}
],
"release_date": "2025-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: use-after-free with key data stored cross-RVT"
},
{
"cve": "CVE-2025-13151",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-07T22:01:02.206250+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A stack-based buffer overflow in the `libtasn1` library, specifically within the `asn1_expend_octet_string` function, can be triggered by failing to validate input data size. This could allow a remote, unauthenticated attacker to cause a denial of service in applications utilizing `libtasn1`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "RHBZ#2427698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1",
"url": "https://gitlab.com/gnutls/libtasn1"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
"url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
}
],
"release_date": "2026-01-07T21:14:05.223000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string"
},
{
"cve": "CVE-2025-71319",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-06-09T21:01:11.339286+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `image-size` component, which can be triggered remotely by processing specially crafted JXL, HEIF, or JP2 image files containing zero-sized boxes. This flaw can lead to an application hang due to an infinite loop in the `findBox` function, impacting the availability of services that rely on this image processing library within Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"category": "external",
"summary": "RHBZ#2487296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-71319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319"
},
{
"category": "external",
"summary": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7",
"url": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-findbox-function",
"url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-findbox-function"
}
],
"release_date": "2026-06-09T19:57:16.125000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images."
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-8643",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-04-22T23:09:35+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in pip\u0027s wheel installation process allows for arbitrary file overwrite due to path traversal. An attacker could exploit this by convincing a user to install a specially crafted malicious Python wheel. While file overwrites are limited to the installing user\u0027s permissions, using `pip install` with elevated privileges in Red Hat environments significantly increases the potential impact, potentially leading to system integrity compromise or arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-8643"
},
{
"category": "external",
"summary": "RHBZ#2460927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-8643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-8643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8643"
},
{
"category": "external",
"summary": "https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb",
"url": "https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb"
}
],
"release_date": "2026-05-27T17:03:36.585000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid installing Python wheels from untrusted sources. It is strongly advised against using `pip install` with elevated privileges, such as `sudo`, when installing wheels. Additionally, administrators should inspect `entry_points.txt` within wheels for path separators or absolute paths before installation.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite"
},
{
"cve": "CVE-2026-9256",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2026-05-22T15:00:55.131994+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480746"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an unauthenticated attacker can send crafted HTTP requests and cause a heap-based buffer overflow in the worker process, potentially allowing code execution or a denial of service by forcing the process to restart.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: ngx_http_rewrite_module: code execution and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, a rewrite directive must be configured with a regex pattern that uses distinct, overlapping PCRE captures and a replacement string referencing multiple such captures, limiting its exposure as this is not the default configuration. This issue allows an attacker to potentially execute arbitrary code or cause a denial of service by forcing the worker process to restart.\n\nDefault Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\n\nDue to these reasons, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9256"
},
{
"category": "external",
"summary": "RHBZ#2480746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480746"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9256"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9256"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000161377",
"url": "https://my.f5.com/manage/s/article/K000161377"
}
],
"release_date": "2026-05-22T14:11:41.877000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, use named captures instead of unnamed captures in rewrite definitions.\n\nFor example, the following rewrite directive uses unnamed PCRE capture groups, $1 and $2:\n\n~~~\nrewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1\u0026tab=$2 last;\n~~~\n\nTo mitigate this vulnerability for this example, replace $1 and $2 with the appropriate named captures, $user_id and $section:\n\n~~~\nrewrite ^/users/(?\u003cuser_id\u003e[0-9]+)/profile/(?\u003csection\u003e.*)$ /profile.php?id=$user_id\u0026tab=$section last;\n~~~",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nginx: ngx_http_rewrite_module: code execution and denial of service"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
},
{
"cve": "CVE-2026-41411",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-24T18:01:49.275019+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461614"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "RHBZ#2461614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41411",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb",
"url": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0357",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0357"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8",
"url": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8"
}
],
"release_date": "2026-04-24T16:51:39.657000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue involves exercising caution when opening or processing tag files from untrusted sources. Users should avoid loading tag files from unknown or suspicious origins to prevent the execution of arbitrary commands.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:6732
Vulnerability from csaf_redhat - Published: 2026-04-07 06:21 - Updated: 2026-06-30 04:34A flaw was found in libpng. A local attacker can exploit a buffer overflow vulnerability in the pngimage utility when processed with AddressSanitizer (ASan). This flaw causes memory leaks, leading to high memory usage and ultimately rendering the program unresponsive, resulting in a denial of service.
A flaw was found in libpng. This buffer overflow vulnerability allows a local attacker to cause a denial of service (DoS) by exploiting the `png_create_read_struct()` function. This can lead to the affected system becoming unresponsive or crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A buffer over read flaw has been discovered in libpng. A heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng. A local attacker could exploit this vulnerability by manipulating the width/height arguments in the `do_pnm2png` function of the `pnm2png` component. This manipulation causes a heap-based buffer overflow, which could lead to information disclosure and denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:libpng-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:libpng-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nlibpng:\n * libpng-1.6.56-1.hum1 (aarch64, x86_64)\n * libpng-devel-1.6.56-1.hum1 (aarch64, x86_64)\n * libpng-static-1.6.56-1.hum1 (aarch64, x86_64)\n * libpng-tools-1.6.56-1.hum1 (aarch64, x86_64)\n * libpng-1.6.56-1.hum1.src (source)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6732",
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65018",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64720",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64506",
"url": "https://access.redhat.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64505",
"url": "https://access.redhat.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22801",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22695",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-28164",
"url": "https://access.redhat.com/security/cve/CVE-2025-28164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-28162",
"url": "https://access.redhat.com/security/cve/CVE-2025-28162"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33636",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33416",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66293",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3713",
"url": "https://access.redhat.com/security/cve/CVE-2026-3713"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25646",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6732.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-30T04:34:33+00:00",
"generator": {
"date": "2026-06-30T04:34:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:6732",
"initial_release_date": "2026-04-07T06:21:37+00:00",
"revision_history": [
{
"date": "2026-04-07T06:21:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T20:01:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:34:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-main@aarch64",
"product": {
"name": "libpng-main@aarch64",
"product_id": "libpng-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.56-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-main@src",
"product": {
"name": "libpng-main@src",
"product_id": "libpng-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.56-1.hum1?arch=source\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-main@x86_64",
"product": {
"name": "libpng-main@x86_64",
"product_id": "libpng-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.56-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libpng-main@aarch64"
},
"product_reference": "libpng-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libpng-main@src"
},
"product_reference": "libpng-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:libpng-main@x86_64"
},
"product_reference": "libpng-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-28162",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-27T16:02:53.673282+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433407"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A local attacker can exploit a buffer overflow vulnerability in the pngimage utility when processed with AddressSanitizer (ASan). This flaw causes memory leaks, leading to high memory usage and ultimately rendering the program unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of Service via buffer overflow in pngimage utility",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-28162"
},
{
"category": "external",
"summary": "RHBZ#2433407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433407"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-28162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-28162",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28162"
},
{
"category": "external",
"summary": "https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60",
"url": "https://gist.github.com/kittener/fbfdb9b5610c6b3db0d5dea045a07c60"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/656",
"url": "https://github.com/pnggroup/libpng/issues/656"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of Service via buffer overflow in pngimage utility"
},
{
"cve": "CVE-2025-28164",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-27T16:01:50.214802+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433398"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. This buffer overflow vulnerability allows a local attacker to cause a denial of service (DoS) by exploiting the `png_create_read_struct()` function. This can lead to the affected system becoming unresponsive or crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a MODERATE impact vulnerability affecting libpng versions 1.6.43-1.6.46. A local attacker can exploit a buffer overflow in the `png_create_read_struct()` function, leading to a denial of service. Exploitation requires the attacker to have local access to the system and provide a specially crafted PNG file.\n\nFor `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-28164"
},
{
"category": "external",
"summary": "RHBZ#2433398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-28164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-28164"
},
{
"category": "external",
"summary": "https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20",
"url": "https://gist.github.com/kittener/506516f8c22178005b4379c8b2a7de20"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/655",
"url": "https://github.com/pnggroup/libpng/issues/655"
}
],
"release_date": "2026-01-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "To mitigate the risk of denial of service, users should avoid processing untrusted PNG image files with applications that utilize libpng. Exercise caution when opening or viewing PNG files from unknown or suspicious sources.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of Service via buffer overflow in png_create_read_struct() function"
},
{
"cve": "CVE-2025-64505",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:57.884428+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416905"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer over-read vulnerability exists in libpng\u0027s png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow via malformed palette index",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. It affects applications that process specially crafted PNG files using the vulnerable `libpng` library. Exploitation requires user interaction, where a victim must open or process a malicious PNG image, leading to a heap buffer over-read. This could result in information disclosure or application crash.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64505"
},
{
"category": "external",
"summary": "RHBZ#2416905",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416905"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64505",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64505"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37",
"url": "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/748",
"url": "https://github.com/pnggroup/libpng/pull/748"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42"
}
],
"release_date": "2025-11-24T23:38:40.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: LIBPNG heap buffer overflow via malformed palette index"
},
{
"cve": "CVE-2025-64506",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:01:01.690031+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416906"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over read flaw has been discovered in libpng. A heap buffer over-read vulnerability exists in libpng\u0027s png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer over-read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read in libpng\u0027s `png_write_image_8bit` function can occur when processing specially crafted 8-bit PNG images. Exploitation requires user interaction, such as opening a malicious PNG file, and could lead to an application level denial of service or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64506"
},
{
"category": "external",
"summary": "RHBZ#2416906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64506"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821",
"url": "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/749",
"url": "https://github.com/pnggroup/libpng/pull/749"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6"
}
],
"release_date": "2025-11-24T23:41:09.207000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: LIBPNG heap buffer over-read"
},
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important as it affects libpng, a widely used library for PNG image processing. The flaw is due to an out-of-bounds read in libpng\u2019s simplified API when handling specially crafted PNG images containing partial transparency and gamma correction data. Successful exploitation could result in information disclosure or cause application crashes in applications processing untrusted PNG content.\n\nFor `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
},
{
"cve": "CVE-2026-3713",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-03-08T07:00:54.323109+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445566"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A local attacker could exploit this vulnerability by manipulating the width/height arguments in the `do_pnm2png` function of the `pnm2png` component. This manipulation causes a heap-based buffer overflow, which could lead to information disclosure and denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This MODERATE impact heap-based buffer overflow in the `pnm2png` utility of libpng requires local execution to exploit.\n\nThe libpng packages shipped with Red Hat Enterprise Linux are not affected by this vulnerability.\n\nThe issue originates from the pnm2png utility present in the upstream libpng source tree under the contrib/pngminus/ directory. This component is not part of the libpng build process in RHEL, is not included in the packaging specification, and is not present in any shipped binary RPMs.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3713"
},
{
"category": "external",
"summary": "RHBZ#2445566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445566"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3713"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3713",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3713"
},
{
"category": "external",
"summary": "https://github.com/biniamf/pocs/tree/main/pnm2png",
"url": "https://github.com/biniamf/pocs/tree/main/pnm2png"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/",
"url": "https://github.com/pnggroup/libpng/"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/794",
"url": "https://github.com/pnggroup/libpng/issues/794"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.349658",
"url": "https://vuldb.com/?ctiid.349658"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.349658",
"url": "https://vuldb.com/?id.349658"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.761996",
"url": "https://vuldb.com/?submit.761996"
}
],
"release_date": "2026-03-08T06:02:11.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid processing untrusted image data with the `pnm2png` utility. Restrict execution of `pnm2png` to trusted users and ensure that only trusted image files are processed.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service"
},
{
"cve": "CVE-2026-22695",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:52.403246+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428825"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "RHBZ#2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/778",
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
}
],
"release_date": "2026-01-12T22:55:40.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read"
},
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:42.581146+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. An integer truncation flaw in the libpng simplified write API functions (`png_write_image_16bit`, `png_write_image_8bit`) can lead to a heap buffer over-read. Exploitation requires an application to process specially crafted input that provides a negative row stride or a stride exceeding 65535 bytes, potentially resulting in denial of service or information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "RHBZ#2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"release_date": "2026-01-12T22:57:58.288000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T06:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6732"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:libpng-main@aarch64",
"Red Hat Hardened Images:libpng-main@src",
"Red Hat Hardened Images:libpng-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
}
]
}
RHSA-2026:7671
Vulnerability from csaf_redhat - Published: 2026-04-13 02:29 - Updated: 2026-06-30 04:20A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\n* libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)\n\n* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)\n\n* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)\n\n* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7671",
"url": "https://access.redhat.com/errata/RHSA-2026:7671"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "2455897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
},
{
"category": "external",
"summary": "2455901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
},
{
"category": "external",
"summary": "2455908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7671.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2026-06-30T04:20:21+00:00",
"generator": {
"date": "2026-06-30T04:20:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:7671",
"initial_release_date": "2026-04-13T02:29:51+00:00",
"revision_history": [
{
"date": "2026-04-13T02:29:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:29:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:20:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el9_7.src",
"product": {
"name": "firefox-0:140.9.1-1.el9_7.src",
"product_id": "firefox-0:140.9.1-1.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el9_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el9_7.aarch64",
"product": {
"name": "firefox-0:140.9.1-1.el9_7.aarch64",
"product_id": "firefox-0:140.9.1-1.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:140.9.1-1.el9_7.aarch64",
"product": {
"name": "firefox-x11-0:140.9.1-1.el9_7.aarch64",
"product_id": "firefox-x11-0:140.9.1-1.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@140.9.1-1.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"product_id": "firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"product_id": "firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el9_7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el9_7.ppc64le",
"product": {
"name": "firefox-0:140.9.1-1.el9_7.ppc64le",
"product_id": "firefox-0:140.9.1-1.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"product": {
"name": "firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"product_id": "firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@140.9.1-1.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"product_id": "firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"product_id": "firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el9_7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el9_7.x86_64",
"product": {
"name": "firefox-0:140.9.1-1.el9_7.x86_64",
"product_id": "firefox-0:140.9.1-1.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:140.9.1-1.el9_7.x86_64",
"product": {
"name": "firefox-x11-0:140.9.1-1.el9_7.x86_64",
"product_id": "firefox-x11-0:140.9.1-1.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@140.9.1-1.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"product_id": "firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"product_id": "firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el9_7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el9_7.s390x",
"product": {
"name": "firefox-0:140.9.1-1.el9_7.s390x",
"product_id": "firefox-0:140.9.1-1.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:140.9.1-1.el9_7.s390x",
"product": {
"name": "firefox-x11-0:140.9.1-1.el9_7.s390x",
"product_id": "firefox-x11-0:140.9.1-1.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@140.9.1-1.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"product_id": "firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"product_id": "firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el9_7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64"
},
"product_reference": "firefox-0:140.9.1-1.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le"
},
"product_reference": "firefox-0:140.9.1-1.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x"
},
"product_reference": "firefox-0:140.9.1-1.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src"
},
"product_reference": "firefox-0:140.9.1-1.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64"
},
"product_reference": "firefox-0:140.9.1-1.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:140.9.1-1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64"
},
"product_reference": "firefox-x11-0:140.9.1-1.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:140.9.1-1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le"
},
"product_reference": "firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:140.9.1-1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x"
},
"product_reference": "firefox-x11-0:140.9.1-1.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:140.9.1-1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
},
"product_reference": "firefox-x11-0:140.9.1-1.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-5731",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T13:01:15.389776+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5731"
},
{
"category": "external",
"summary": "RHBZ#2455901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5731",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5731"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5731",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5731"
}
],
"release_date": "2026-04-07T12:43:11.895000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:29:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7671"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
},
{
"cve": "CVE-2026-5732",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-07T13:01:39.095775+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions, integer overflow in the Graphics: Text component",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5732"
},
{
"category": "external",
"summary": "RHBZ#2455908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5732",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5732"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5732",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5732"
}
],
"release_date": "2026-04-07T12:43:12.829000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:29:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7671"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component"
},
{
"cve": "CVE-2026-5734",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T13:01:01.022958+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455897"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5734"
},
{
"category": "external",
"summary": "RHBZ#2455897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5734",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5734"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5734",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5734"
}
],
"release_date": "2026-04-07T12:43:14.833000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:29:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7671"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:29:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7671"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:29:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7671"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:firefox-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-debugsource-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:firefox-x11-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
}
]
}
RHSA-2026:7672
Vulnerability from csaf_redhat - Published: 2026-04-13 02:23 - Updated: 2026-06-30 04:20A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\n* libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)\n\n* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)\n\n* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)\n\n* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7672",
"url": "https://access.redhat.com/errata/RHSA-2026:7672"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "2455897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
},
{
"category": "external",
"summary": "2455901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
},
{
"category": "external",
"summary": "2455908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7672.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2026-06-30T04:20:21+00:00",
"generator": {
"date": "2026-06-30T04:20:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:7672",
"initial_release_date": "2026-04-13T02:23:37+00:00",
"revision_history": [
{
"date": "2026-04-13T02:23:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-13T02:23:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:20:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el10_1.src",
"product": {
"name": "firefox-0:140.9.1-1.el10_1.src",
"product_id": "firefox-0:140.9.1-1.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el10_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el10_1.aarch64",
"product": {
"name": "firefox-0:140.9.1-1.el10_1.aarch64",
"product_id": "firefox-0:140.9.1-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"product_id": "firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"product_id": "firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el10_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el10_1.ppc64le",
"product": {
"name": "firefox-0:140.9.1-1.el10_1.ppc64le",
"product_id": "firefox-0:140.9.1-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"product_id": "firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"product_id": "firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el10_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el10_1.s390x",
"product": {
"name": "firefox-0:140.9.1-1.el10_1.s390x",
"product_id": "firefox-0:140.9.1-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"product_id": "firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"product_id": "firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el10_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el10_1.x86_64",
"product": {
"name": "firefox-0:140.9.1-1.el10_1.x86_64",
"product_id": "firefox-0:140.9.1-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el10_1.x86_64",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el10_1.x86_64",
"product_id": "firefox-debugsource-0:140.9.1-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"product_id": "firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el10_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64"
},
"product_reference": "firefox-0:140.9.1-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le"
},
"product_reference": "firefox-0:140.9.1-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x"
},
"product_reference": "firefox-0:140.9.1-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src"
},
"product_reference": "firefox-0:140.9.1-1.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64"
},
"product_reference": "firefox-0:140.9.1-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-5731",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T13:01:15.389776+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5731"
},
{
"category": "external",
"summary": "RHBZ#2455901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5731",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5731"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5731",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5731"
}
],
"release_date": "2026-04-07T12:43:11.895000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:23:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7672"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
},
{
"cve": "CVE-2026-5732",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-07T13:01:39.095775+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions, integer overflow in the Graphics: Text component",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5732"
},
{
"category": "external",
"summary": "RHBZ#2455908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5732",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5732"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5732",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5732"
}
],
"release_date": "2026-04-07T12:43:12.829000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:23:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7672"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component"
},
{
"cve": "CVE-2026-5734",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T13:01:01.022958+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455897"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5734"
},
{
"category": "external",
"summary": "RHBZ#2455897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5734",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5734"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5734",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5734"
}
],
"release_date": "2026-04-07T12:43:14.833000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:23:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7672"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:23:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7672"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-13T02:23:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.src",
"AppStream-10.1.Z:firefox-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debuginfo-0:140.9.1-1.el10_1.x86_64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.aarch64",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.ppc64le",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.s390x",
"AppStream-10.1.Z:firefox-debugsource-0:140.9.1-1.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
}
]
}
RHSA-2026:8052
Vulnerability from csaf_redhat - Published: 2026-04-14 11:50 - Updated: 2026-06-30 04:20A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\n* libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)\n\n* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)\n\n* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)\n\n* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8052",
"url": "https://access.redhat.com/errata/RHSA-2026:8052"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "2455897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
},
{
"category": "external",
"summary": "2455901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
},
{
"category": "external",
"summary": "2455908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8052.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2026-06-30T04:20:22+00:00",
"generator": {
"date": "2026-06-30T04:20:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:8052",
"initial_release_date": "2026-04-14T11:50:27+00:00",
"revision_history": [
{
"date": "2026-04-14T11:50:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-14T11:50:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:20:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el8_10.src",
"product": {
"name": "firefox-0:140.9.1-1.el8_10.src",
"product_id": "firefox-0:140.9.1-1.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el8_10.aarch64",
"product": {
"name": "firefox-0:140.9.1-1.el8_10.aarch64",
"product_id": "firefox-0:140.9.1-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"product_id": "firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"product_id": "firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el8_10.ppc64le",
"product": {
"name": "firefox-0:140.9.1-1.el8_10.ppc64le",
"product_id": "firefox-0:140.9.1-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"product_id": "firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"product_id": "firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el8_10.x86_64",
"product": {
"name": "firefox-0:140.9.1-1.el8_10.x86_64",
"product_id": "firefox-0:140.9.1-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el8_10.x86_64",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el8_10.x86_64",
"product_id": "firefox-debugsource-0:140.9.1-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"product_id": "firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:140.9.1-1.el8_10.s390x",
"product": {
"name": "firefox-0:140.9.1-1.el8_10.s390x",
"product_id": "firefox-0:140.9.1-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@140.9.1-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"product": {
"name": "firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"product_id": "firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@140.9.1-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"product": {
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"product_id": "firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@140.9.1-1.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64"
},
"product_reference": "firefox-0:140.9.1-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le"
},
"product_reference": "firefox-0:140.9.1-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x"
},
"product_reference": "firefox-0:140.9.1-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src"
},
"product_reference": "firefox-0:140.9.1-1.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:140.9.1-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64"
},
"product_reference": "firefox-0:140.9.1-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:140.9.1-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64"
},
"product_reference": "firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:140.9.1-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
},
"product_reference": "firefox-debugsource-0:140.9.1-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-5731",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T13:01:15.389776+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5731"
},
{
"category": "external",
"summary": "RHBZ#2455901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5731",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5731"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5731",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5731"
}
],
"release_date": "2026-04-07T12:43:11.895000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T11:50:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8052"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
},
{
"cve": "CVE-2026-5732",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-07T13:01:39.095775+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions, integer overflow in the Graphics: Text component",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5732"
},
{
"category": "external",
"summary": "RHBZ#2455908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5732",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5732"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5732",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5732"
}
],
"release_date": "2026-04-07T12:43:12.829000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T11:50:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8052"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component"
},
{
"cve": "CVE-2026-5734",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T13:01:01.022958+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455897"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5734"
},
{
"category": "external",
"summary": "RHBZ#2455897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5734",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5734"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5734",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5734"
}
],
"release_date": "2026-04-07T12:43:14.833000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T11:50:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8052"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T11:50:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8052"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T11:50:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8052"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debuginfo-0:140.9.1-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:firefox-debugsource-0:140.9.1-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
}
]
}
RHSA-2026:8459
Vulnerability from csaf_redhat - Published: 2026-04-16 12:56 - Updated: 2026-06-30 04:20A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\n* libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)\n\n* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)\n\n* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)\n\n* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8459",
"url": "https://access.redhat.com/errata/RHSA-2026:8459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "2455897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
},
{
"category": "external",
"summary": "2455901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
},
{
"category": "external",
"summary": "2455908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8459.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2026-06-30T04:20:22+00:00",
"generator": {
"date": "2026-06-30T04:20:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:8459",
"initial_release_date": "2026-04-16T12:56:50+00:00",
"revision_history": [
{
"date": "2026-04-16T12:56:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-16T12:56:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T04:20:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:140.9.1-1.el9_7.src",
"product": {
"name": "thunderbird-0:140.9.1-1.el9_7.src",
"product_id": "thunderbird-0:140.9.1-1.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@140.9.1-1.el9_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:140.9.1-1.el9_7.aarch64",
"product": {
"name": "thunderbird-0:140.9.1-1.el9_7.aarch64",
"product_id": "thunderbird-0:140.9.1-1.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@140.9.1-1.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"product": {
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"product_id": "thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@140.9.1-1.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"product_id": "thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@140.9.1-1.el9_7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:140.9.1-1.el9_7.ppc64le",
"product": {
"name": "thunderbird-0:140.9.1-1.el9_7.ppc64le",
"product_id": "thunderbird-0:140.9.1-1.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@140.9.1-1.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"product_id": "thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@140.9.1-1.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"product_id": "thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@140.9.1-1.el9_7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:140.9.1-1.el9_7.x86_64",
"product": {
"name": "thunderbird-0:140.9.1-1.el9_7.x86_64",
"product_id": "thunderbird-0:140.9.1-1.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@140.9.1-1.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64",
"product": {
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64",
"product_id": "thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@140.9.1-1.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"product_id": "thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@140.9.1-1.el9_7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:140.9.1-1.el9_7.s390x",
"product": {
"name": "thunderbird-0:140.9.1-1.el9_7.s390x",
"product_id": "thunderbird-0:140.9.1-1.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@140.9.1-1.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"product": {
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"product_id": "thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@140.9.1-1.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"product": {
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"product_id": "thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@140.9.1-1.el9_7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:140.9.1-1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64"
},
"product_reference": "thunderbird-0:140.9.1-1.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:140.9.1-1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le"
},
"product_reference": "thunderbird-0:140.9.1-1.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:140.9.1-1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x"
},
"product_reference": "thunderbird-0:140.9.1-1.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:140.9.1-1.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src"
},
"product_reference": "thunderbird-0:140.9.1-1.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:140.9.1-1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64"
},
"product_reference": "thunderbird-0:140.9.1-1.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x"
},
"product_reference": "thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64"
},
"product_reference": "thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x"
},
"product_reference": "thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
},
"product_reference": "thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-5731",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T13:01:15.389776+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455901"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5731"
},
{
"category": "external",
"summary": "RHBZ#2455901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5731"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5731",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5731"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5731",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5731"
}
],
"release_date": "2026-04-07T12:43:11.895000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T12:56:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
},
{
"cve": "CVE-2026-5732",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-07T13:01:39.095775+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nIncorrect boundary conditions, integer overflow in the Graphics: Text component",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5732"
},
{
"category": "external",
"summary": "RHBZ#2455908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5732"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5732",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5732"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5732",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5732"
}
],
"release_date": "2026-04-07T12:43:12.829000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T12:56:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component"
},
{
"cve": "CVE-2026-5734",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-04-07T13:01:01.022958+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455897"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5734"
},
{
"category": "external",
"summary": "RHBZ#2455897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455897"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5734"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5734",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-27/#CVE-2026-5734"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5734",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-29/#CVE-2026-5734"
}
],
"release_date": "2026-04-07T12:43:14.833000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T12:56:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T12:56:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8459"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T12:56:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8459"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.src",
"AppStream-9.7.0.Z.MAIN:thunderbird-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debuginfo-0:140.9.1-1.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:thunderbird-debugsource-0:140.9.1-1.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.