Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-25646 (GCVE-0-2026-25646)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:04 – Updated: 2026-02-11 15:31
VLAI
EPSS
Title
LIBPNG has a heap buffer overflow in png_set_quantize
Summary
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
Severity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/pnggroup/libpng/security/advis… | x_refsource_CONFIRM |
| https://github.com/pnggroup/libpng/commit/01d03b8… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-02-10T17:25:31.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:31:50.552532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:31:58.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libpng",
"vendor": "pnggroup",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.55"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T17:04:38.501Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
},
{
"name": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
}
],
"source": {
"advisory": "GHSA-g8hp-mq4h-rqm3",
"discovery": "UNKNOWN"
},
"title": "LIBPNG has a heap buffer overflow in png_set_quantize"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25646",
"datePublished": "2026-02-10T17:04:38.501Z",
"dateReserved": "2026-02-04T05:15:41.791Z",
"dateUpdated": "2026-02-11T15:31:58.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-25646",
"date": "2026-05-25",
"epss": "0.00081",
"percentile": "0.23606"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25646\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-10T18:16:37.817\",\"lastModified\":\"2026-02-13T20:43:44.690\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"},{\"lang\":\"en\",\"value\":\"CWE-126\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.6.55\",\"matchCriteriaId\":\"306EDE73-99CF-4AE7-9B92-C63F68FD63AB\"}]}]}],\"references\":[{\"url\":\"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/02/09/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/02/09/7\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-02-10T17:25:31.583Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25646\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-11T15:31:50.552532Z\"}}}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-11T15:31:37.659Z\"}}], \"cna\": {\"title\": \"LIBPNG has a heap buffer overflow in png_set_quantize\", \"source\": {\"advisory\": \"GHSA-g8hp-mq4h-rqm3\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pnggroup\", \"product\": \"libpng\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.6.55\"}]}], \"references\": [{\"url\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3\", \"name\": \"https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88\", \"name\": \"https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-126\", \"description\": \"CWE-126: Buffer Over-read\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-10T17:04:38.501Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25646\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-11T15:31:58.665Z\", \"dateReserved\": \"2026-02-04T05:15:41.791Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-10T17:04:38.501Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:3968
Vulnerability from csaf_redhat - Published: 2026-03-09 01:56 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: libpng15 security update
Severity
Important
Notes
Topic: An update for libpng15 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.
Security Fix(es):
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng15 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3968",
"url": "https://access.redhat.com/errata/RHSA-2026:3968"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3968.json"
}
],
"title": "Red Hat Security Advisory: libpng15 security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:49+00:00",
"generator": {
"date": "2026-05-20T22:00:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:3968",
"initial_release_date": "2026-03-09T01:56:43+00:00",
"revision_history": [
{
"date": "2026-03-09T01:56:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-09T01:56:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_6.1.src",
"product": {
"name": "libpng15-0:1.5.30-14.el9_6.1.src",
"product_id": "libpng15-0:1.5.30-14.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_6.1.aarch64",
"product": {
"name": "libpng15-0:1.5.30-14.el9_6.1.aarch64",
"product_id": "libpng15-0:1.5.30-14.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_6.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_6.1.ppc64le",
"product": {
"name": "libpng15-0:1.5.30-14.el9_6.1.ppc64le",
"product_id": "libpng15-0:1.5.30-14.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_6.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_6.1.i686",
"product": {
"name": "libpng15-0:1.5.30-14.el9_6.1.i686",
"product_id": "libpng15-0:1.5.30-14.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.i686",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.i686",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_6.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_6.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_6.1.x86_64",
"product": {
"name": "libpng15-0:1.5.30-14.el9_6.1.x86_64",
"product_id": "libpng15-0:1.5.30-14.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_6.1.s390x",
"product": {
"name": "libpng15-0:1.5.30-14.el9_6.1.s390x",
"product_id": "libpng15-0:1.5.30-14.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_6.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.aarch64"
},
"product_reference": "libpng15-0:1.5.30-14.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.i686"
},
"product_reference": "libpng15-0:1.5.30-14.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.ppc64le"
},
"product_reference": "libpng15-0:1.5.30-14.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.s390x"
},
"product_reference": "libpng15-0:1.5.30-14.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.src"
},
"product_reference": "libpng15-0:1.5.30-14.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.x86_64"
},
"product_reference": "libpng15-0:1.5.30-14.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.i686"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_6.1.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T01:56:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3968"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:libpng15-0:1.5.30-14.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.i686",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:3969
Vulnerability from csaf_redhat - Published: 2026-03-09 01:35 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: libpng15 security update
Severity
Important
Notes
Topic: An update for libpng15 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.
Security Fix(es):
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng15 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3969",
"url": "https://access.redhat.com/errata/RHSA-2026:3969"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3969.json"
}
],
"title": "Red Hat Security Advisory: libpng15 security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:48+00:00",
"generator": {
"date": "2026-05-20T22:00:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:3969",
"initial_release_date": "2026-03-09T01:35:17+00:00",
"revision_history": [
{
"date": "2026-03-09T01:35:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-09T01:35:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_4.1.src",
"product": {
"name": "libpng15-0:1.5.30-14.el9_4.1.src",
"product_id": "libpng15-0:1.5.30-14.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_4.1.aarch64",
"product": {
"name": "libpng15-0:1.5.30-14.el9_4.1.aarch64",
"product_id": "libpng15-0:1.5.30-14.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_4.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_4.1.ppc64le",
"product": {
"name": "libpng15-0:1.5.30-14.el9_4.1.ppc64le",
"product_id": "libpng15-0:1.5.30-14.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_4.1.i686",
"product": {
"name": "libpng15-0:1.5.30-14.el9_4.1.i686",
"product_id": "libpng15-0:1.5.30-14.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.i686",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.i686",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_4.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_4.1.x86_64",
"product": {
"name": "libpng15-0:1.5.30-14.el9_4.1.x86_64",
"product_id": "libpng15-0:1.5.30-14.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_4.1.s390x",
"product": {
"name": "libpng15-0:1.5.30-14.el9_4.1.s390x",
"product_id": "libpng15-0:1.5.30-14.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.aarch64"
},
"product_reference": "libpng15-0:1.5.30-14.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.i686"
},
"product_reference": "libpng15-0:1.5.30-14.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.ppc64le"
},
"product_reference": "libpng15-0:1.5.30-14.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.s390x"
},
"product_reference": "libpng15-0:1.5.30-14.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.src"
},
"product_reference": "libpng15-0:1.5.30-14.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.x86_64"
},
"product_reference": "libpng15-0:1.5.30-14.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.i686"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T01:35:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3969"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:libpng15-0:1.5.30-14.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-debuginfo-0:1.5.30-14.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:libpng15-debugsource-0:1.5.30-14.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:4221
Vulnerability from csaf_redhat - Published: 2026-03-10 18:24 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: libpng15 security update
Severity
Important
Notes
Topic: An update for libpng15 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.
Security Fix(es):
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng15 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4221",
"url": "https://access.redhat.com/errata/RHSA-2026:4221"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4221.json"
}
],
"title": "Red Hat Security Advisory: libpng15 security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:51+00:00",
"generator": {
"date": "2026-05-20T22:00:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:4221",
"initial_release_date": "2026-03-10T18:24:49+00:00",
"revision_history": [
{
"date": "2026-03-10T18:24:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-10T18:24:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_2.1.i686",
"product": {
"name": "libpng15-0:1.5.30-14.el9_2.1.i686",
"product_id": "libpng15-0:1.5.30-14.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.i686",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.i686",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_2.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_2.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_2.1.x86_64",
"product": {
"name": "libpng15-0:1.5.30-14.el9_2.1.x86_64",
"product_id": "libpng15-0:1.5.30-14.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_2.1.s390x",
"product": {
"name": "libpng15-0:1.5.30-14.el9_2.1.s390x",
"product_id": "libpng15-0:1.5.30-14.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_2.1.src",
"product": {
"name": "libpng15-0:1.5.30-14.el9_2.1.src",
"product_id": "libpng15-0:1.5.30-14.el9_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_2.1.aarch64",
"product": {
"name": "libpng15-0:1.5.30-14.el9_2.1.aarch64",
"product_id": "libpng15-0:1.5.30-14.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_2.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_2.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_2.1.ppc64le",
"product": {
"name": "libpng15-0:1.5.30-14.el9_2.1.ppc64le",
"product_id": "libpng15-0:1.5.30-14.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_2.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_2.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.aarch64"
},
"product_reference": "libpng15-0:1.5.30-14.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.i686"
},
"product_reference": "libpng15-0:1.5.30-14.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.ppc64le"
},
"product_reference": "libpng15-0:1.5.30-14.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.s390x"
},
"product_reference": "libpng15-0:1.5.30-14.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_2.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.src"
},
"product_reference": "libpng15-0:1.5.30-14.el9_2.1.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.x86_64"
},
"product_reference": "libpng15-0:1.5.30-14.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.i686"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_2.1.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T18:24:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4221"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.src",
"AppStream-9.2.0.Z.E4S:libpng15-0:1.5.30-14.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_2.1.x86_64",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.aarch64",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.i686",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.ppc64le",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.s390x",
"AppStream-9.2.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:4222
Vulnerability from csaf_redhat - Published: 2026-03-10 17:58 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: libpng15 security update
Severity
Important
Notes
Topic: An update for libpng15 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.
Security Fix(es):
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng15 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4222",
"url": "https://access.redhat.com/errata/RHSA-2026:4222"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4222.json"
}
],
"title": "Red Hat Security Advisory: libpng15 security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:51+00:00",
"generator": {
"date": "2026-05-20T22:00:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:4222",
"initial_release_date": "2026-03-10T17:58:09+00:00",
"revision_history": [
{
"date": "2026-03-10T17:58:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-10T17:58:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_0.1.src",
"product": {
"name": "libpng15-0:1.5.30-14.el9_0.1.src",
"product_id": "libpng15-0:1.5.30-14.el9_0.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_0.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_0.1.aarch64",
"product": {
"name": "libpng15-0:1.5.30-14.el9_0.1.aarch64",
"product_id": "libpng15-0:1.5.30-14.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_0.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_0.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_0.1.ppc64le",
"product": {
"name": "libpng15-0:1.5.30-14.el9_0.1.ppc64le",
"product_id": "libpng15-0:1.5.30-14.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_0.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_0.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_0.1.i686",
"product": {
"name": "libpng15-0:1.5.30-14.el9_0.1.i686",
"product_id": "libpng15-0:1.5.30-14.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_0.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.i686",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.i686",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_0.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_0.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_0.1.x86_64",
"product": {
"name": "libpng15-0:1.5.30-14.el9_0.1.x86_64",
"product_id": "libpng15-0:1.5.30-14.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_0.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_0.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng15-0:1.5.30-14.el9_0.1.s390x",
"product": {
"name": "libpng15-0:1.5.30-14.el9_0.1.s390x",
"product_id": "libpng15-0:1.5.30-14.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15@1.5.30-14.el9_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x",
"product": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x",
"product_id": "libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debugsource@1.5.30-14.el9_0.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x",
"product": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x",
"product_id": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng15-debuginfo@1.5.30-14.el9_0.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.aarch64"
},
"product_reference": "libpng15-0:1.5.30-14.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.i686"
},
"product_reference": "libpng15-0:1.5.30-14.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.ppc64le"
},
"product_reference": "libpng15-0:1.5.30-14.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.s390x"
},
"product_reference": "libpng15-0:1.5.30-14.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_0.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.src"
},
"product_reference": "libpng15-0:1.5.30-14.el9_0.1.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-0:1.5.30-14.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.x86_64"
},
"product_reference": "libpng15-0:1.5.30-14.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64"
},
"product_reference": "libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.i686"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_0.1.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64"
},
"product_reference": "libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-10T17:58:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4222"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.src",
"AppStream-9.0.0.Z.E4S:libpng15-0:1.5.30-14.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-debuginfo-0:1.5.30-14.el9_0.1.x86_64",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.aarch64",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.i686",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.ppc64le",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.s390x",
"AppStream-9.0.0.Z.E4S:libpng15-debugsource-0:1.5.30-14.el9_0.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:4306
Vulnerability from csaf_redhat - Published: 2026-03-11 11:23 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: mingw-libpng security update
Severity
Important
Notes
Topic: An update for mingw-libpng is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: MinGW Windows Libpng library.
Security Fix(es):
* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.
6.1 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.
6.6 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for mingw-libpng is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "MinGW Windows Libpng library.\n\nSecurity Fix(es):\n\n* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)\n\n* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4306",
"url": "https://access.redhat.com/errata/RHSA-2026:4306"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4306.json"
}
],
"title": "Red Hat Security Advisory: mingw-libpng security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:53+00:00",
"generator": {
"date": "2026-05-20T22:00:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:4306",
"initial_release_date": "2026-03-11T11:23:12+00:00",
"revision_history": [
{
"date": "2026-03-11T11:23:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-11T11:23:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "mingw-libpng-0:1.6.34-2.el8_10.src",
"product": {
"name": "mingw-libpng-0:1.6.34-2.el8_10.src",
"product_id": "mingw-libpng-0:1.6.34-2.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw-libpng@1.6.34-2.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"product": {
"name": "mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"product_id": "mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng@1.6.34-2.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"product": {
"name": "mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"product_id": "mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng-static@1.6.34-2.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"product": {
"name": "mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"product_id": "mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng@1.6.34-2.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-static-0:1.6.34-2.el8_10.noarch",
"product": {
"name": "mingw64-libpng-static-0:1.6.34-2.el8_10.noarch",
"product_id": "mingw64-libpng-static-0:1.6.34-2.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng-static@1.6.34-2.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"product": {
"name": "mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"product_id": "mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw32-libpng-debuginfo@1.6.34-2.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"product": {
"name": "mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"product_id": "mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mingw64-libpng-debuginfo@1.6.34-2.el8_10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw-libpng-0:1.6.34-2.el8_10.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src"
},
"product_reference": "mingw-libpng-0:1.6.34-2.el8_10.src",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-0:1.6.34-2.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch"
},
"product_reference": "mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch"
},
"product_reference": "mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw32-libpng-static-0:1.6.34-2.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch"
},
"product_reference": "mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-0:1.6.34-2.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch"
},
"product_reference": "mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch"
},
"product_reference": "mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mingw64-libpng-static-0:1.6.34-2.el8_10.noarch as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
},
"product_reference": "mingw64-libpng-static-0:1.6.34-2.el8_10.noarch",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22695",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:52.403246+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428825"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "RHBZ#2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/778",
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
}
],
"release_date": "2026-01-12T22:55:40.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-11T11:23:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4306"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read"
},
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:42.581146+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. An integer truncation flaw in the libpng simplified write API functions (`png_write_image_16bit`, `png_write_image_8bit`) can lead to a heap buffer over-read. Exploitation requires an application to process specially crafted input that provides a negative row stride or a stride exceeding 65535 bytes, potentially resulting in denial of service or information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "RHBZ#2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"release_date": "2026-01-12T22:57:58.288000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-11T11:23:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4306"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-11T11:23:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4306"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CRB-8.10.0.Z.MAIN.EUS:mingw-libpng-0:1.6.34-2.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw32-libpng-static-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-debuginfo-0:1.6.34-2.el8_10.noarch",
"CRB-8.10.0.Z.MAIN.EUS:mingw64-libpng-static-0:1.6.34-2.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:4501
Vulnerability from csaf_redhat - Published: 2026-03-12 14:50 - Updated: 2026-05-20 16:09Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Severity
Important
Notes
Topic: A Subscription Management tool for finding and reporting Red Hat product usage
Details: Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.
5.9 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.
5.9 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.
6.1 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.
6.6 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64 | — |
Workaround
|
Threats
Impact
Important
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4501",
"url": "https://access.redhat.com/errata/RHSA-2026:4501"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15281",
"url": "https://access.redhat.com/security/cve/CVE-2025-15281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-0861",
"url": "https://access.redhat.com/security/cve/CVE-2026-0861"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-0915",
"url": "https://access.redhat.com/security/cve/CVE-2026-0915"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1642",
"url": "https://access.redhat.com/security/cve/CVE-2026-1642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22695",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22801",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25646",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4501.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-05-20T16:09:56+00:00",
"generator": {
"date": "2026-05-20T16:09:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:4501",
"initial_release_date": "2026-03-12T14:50:34+00:00",
"revision_history": [
{
"date": "2026-03-12T14:50:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-12T14:50:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T16:09:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1773273243"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Ad167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1773273070"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1773273243"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Af80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1773273070"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-15281",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2026-01-20T14:01:12.320264+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431196"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to find an application linked to the glibc library that is using the wordexp function with the flags WRDE_REUSE and WRDE_APPEND. Also, calls to wordexp using both flags never worked correctly and thus the existence of applications that make use of this feature is unlikely. There is no known application vulnerable to this issue.\n\nFurthermore, this flaw will result in a denial of service with no other security impact.\n\nDue to these reasons, this vulnerability has been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15281"
},
{
"category": "external",
"summary": "RHBZ#2431196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431196"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33814",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33814"
}
],
"release_date": "2026-01-20T13:22:46.495000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-12T14:50:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4501"
},
{
"category": "workaround",
"details": "To mitigate this issue, consider refactoring the use of the wordexp function to not use the WRDE_REUSE and WRDE_APPEND flags together.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory"
},
{
"cve": "CVE-2026-0861",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-01-14T22:01:10.975595+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429771"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: Integer overflow in memalign leads to heap corruption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to find an application linked to the glibc library that is using one of the vulnerable functions (memalign, posix_memalign, aligned_alloc, valloc or pvalloc) in a way that the alignment parameter can be user-controlled, allowing an attacker to trigger the integer overflow. However, the alignment parameter used by the functions is usually hard-coded power of two and do not allow arbitrary values, specially values supplied by a user. There is no known application vulnerable to this issue.\n\nAlso, default Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and memory protections significantly increase the difficult of achieving arbitrary code execution, limiting the impact of this vulnerability.\n\nDue to these reasons, this vulnerability has been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0861"
},
{
"category": "external",
"summary": "RHBZ#2429771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33796",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33796"
}
],
"release_date": "2026-01-14T21:01:11.037000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-12T14:50:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4501"
},
{
"category": "workaround",
"details": "Applications calling one of the vulnerable functions and allowing the alignment parameter to be set by user-controlled input can implement additional validations checks, ensuring the alignment value is a power of two and does not exceed a sane limit, for example the system page size or a maximum of 64KB. This prevents the excessively large value required to trigger the integer overflow.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "glibc: Integer overflow in memalign leads to heap corruption"
},
{
"cve": "CVE-2026-0915",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2026-01-15T23:01:26.157678+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430201"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system\u0027s `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Information disclosure via zero-valued network query",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. It allows for information disclosure of stack contents to a configured DNS resolver when an application utilizes `getnetbyaddr` or `getnetbyaddr_r` with a DNS backend specified in `nsswitch.conf` for a zero-valued network query. This affects Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0915"
},
{
"category": "external",
"summary": "RHBZ#2430201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33802"
}
],
"release_date": "2026-01-15T22:08:41.630000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-12T14:50:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4501"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Information disclosure via zero-valued network query"
},
{
"cve": "CVE-2026-1642",
"cwe": {
"id": "CWE-349",
"name": "Acceptance of Extraneous Untrusted Data With Trusted Data"
},
"discovery_date": "2026-02-04T16:00:52.156255+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436738"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, An attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker\u0027s control\u2014may be able to inject plain text data into the response from an upstream proxied server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1642"
},
{
"category": "external",
"summary": "RHBZ#2436738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1642"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000159824",
"url": "https://my.f5.com/manage/s/article/K000159824"
}
],
"release_date": "2026-02-04T15:02:06.154000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-12T14:50:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4501"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections"
},
{
"cve": "CVE-2026-22695",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:52.403246+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428825"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "RHBZ#2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/778",
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
}
],
"release_date": "2026-01-12T22:55:40.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-12T14:50:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4501"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read"
},
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:42.581146+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. An integer truncation flaw in the libpng simplified write API functions (`png_write_image_16bit`, `png_write_image_8bit`) can lead to a heap buffer over-read. Exploitation requires an application to process specially crafted input that provides a negative row stride or a stride exceeding 65535 bytes, potentially resulting in denial of service or information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "RHBZ#2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"release_date": "2026-01-12T22:57:58.288000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-12T14:50:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4501"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-12T14:50:34+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4501"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:14856acc3c3e5403f53638618e7754e7fd73ffd2738ebae0a9f4f87da971dd28_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:78ecba931b8e5ddcb90229391c486b9bddd367a75764e6299762290436f9eaab_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:d167d7926b4a9e7bb51cab5108ad3e826a3ae826536924e8d4129f826c6c5de5_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:f80b4635aa39ed1f1633277939dd8a54374a65fc9fd24cc31a4bd88cdc3cde6d_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:4728
Vulnerability from csaf_redhat - Published: 2026-03-17 10:23 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: libpng security update
Severity
Important
Notes
Topic: An update for libpng is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.
6.1 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.
6.6 (Medium)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
31 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)\n\n* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4728",
"url": "https://access.redhat.com/errata/RHSA-2026:4728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4728.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:54+00:00",
"generator": {
"date": "2026-05-20T22:00:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:4728",
"initial_release_date": "2026-03-17T10:23:47+00:00",
"revision_history": [
{
"date": "2026-03-17T10:23:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-17T10:23:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-10.el8_10.src",
"product": {
"name": "libpng-2:1.6.34-10.el8_10.src",
"product_id": "libpng-2:1.6.34-10.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-10.el8_10?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-10.el8_10.aarch64",
"product": {
"name": "libpng-2:1.6.34-10.el8_10.aarch64",
"product_id": "libpng-2:1.6.34-10.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-10.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-10.el8_10.aarch64",
"product": {
"name": "libpng-devel-2:1.6.34-10.el8_10.aarch64",
"product_id": "libpng-devel-2:1.6.34-10.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-10.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"product_id": "libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-10.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product_id": "libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-10.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-10.el8_10?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-10.el8_10?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-10.el8_10.ppc64le",
"product": {
"name": "libpng-2:1.6.34-10.el8_10.ppc64le",
"product_id": "libpng-2:1.6.34-10.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-10.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"product_id": "libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-10.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-10.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-10.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-10.el8_10?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-10.el8_10?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-10.el8_10.i686",
"product": {
"name": "libpng-2:1.6.34-10.el8_10.i686",
"product_id": "libpng-2:1.6.34-10.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-10.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-10.el8_10.i686",
"product": {
"name": "libpng-devel-2:1.6.34-10.el8_10.i686",
"product_id": "libpng-devel-2:1.6.34-10.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-10.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-10.el8_10.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.i686",
"product_id": "libpng-debugsource-2:1.6.34-10.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-10.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"product_id": "libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-10.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-10.el8_10?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-10.el8_10?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-10.el8_10.x86_64",
"product": {
"name": "libpng-2:1.6.34-10.el8_10.x86_64",
"product_id": "libpng-2:1.6.34-10.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-10.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-10.el8_10.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-10.el8_10.x86_64",
"product_id": "libpng-devel-2:1.6.34-10.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-10.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-10.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-10.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-10.el8_10?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-10.el8_10?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-10.el8_10.s390x",
"product": {
"name": "libpng-2:1.6.34-10.el8_10.s390x",
"product_id": "libpng-2:1.6.34-10.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-10.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-10.el8_10.s390x",
"product": {
"name": "libpng-devel-2:1.6.34-10.el8_10.s390x",
"product_id": "libpng-devel-2:1.6.34-10.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-10.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"product_id": "libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-10.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"product_id": "libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-10.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-10.el8_10?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-10.el8_10?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-10.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64"
},
"product_reference": "libpng-2:1.6.34-10.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-10.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686"
},
"product_reference": "libpng-2:1.6.34-10.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-10.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le"
},
"product_reference": "libpng-2:1.6.34-10.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-10.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x"
},
"product_reference": "libpng-2:1.6.34-10.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-10.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src"
},
"product_reference": "libpng-2:1.6.34-10.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-10.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64"
},
"product_reference": "libpng-2:1.6.34-10.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-10.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-10.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-10.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-10.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64"
},
"product_reference": "libpng-devel-2:1.6.34-10.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-10.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686"
},
"product_reference": "libpng-devel-2:1.6.34-10.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-10.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-10.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x"
},
"product_reference": "libpng-devel-2:1.6.34-10.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-10.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-10.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22695",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:52.403246+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428825"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "RHBZ#2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/778",
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
}
],
"release_date": "2026-01-12T22:55:40.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T10:23:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4728"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read"
},
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:42.581146+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. An integer truncation flaw in the libpng simplified write API functions (`png_write_image_16bit`, `png_write_image_8bit`) can lead to a heap buffer over-read. Exploitation requires an application to process specially crafted input that provides a negative row stride or a stride exceeding 65535 bytes, potentially resulting in denial of service or information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "RHBZ#2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"release_date": "2026-01-12T22:57:58.288000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T10:23:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4728"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T10:23:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4728"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-debugsource-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-devel-debuginfo-2:1.6.34-10.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libpng-tools-debuginfo-2:1.6.34-10.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:4729
Vulnerability from csaf_redhat - Published: 2026-03-17 09:57 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: libpng security update
Severity
Important
Notes
Topic: An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.
6.1 (Medium)
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.
6.6 (Medium)
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)\n\n* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4729",
"url": "https://access.redhat.com/errata/RHSA-2026:4729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4729.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:54+00:00",
"generator": {
"date": "2026-05-20T22:00:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:4729",
"initial_release_date": "2026-03-17T09:57:48+00:00",
"revision_history": [
{
"date": "2026-03-17T09:57:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-17T09:57:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.2.ppc64le",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.2.ppc64le",
"product_id": "libpng-2:1.6.34-8.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.2?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.2.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.2.src",
"product_id": "libpng-2:1.6.34-8.el8_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.2?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.2.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.2.i686",
"product_id": "libpng-2:1.6.34-8.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.2.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.2.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.2?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_8.2.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_8.2.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_8.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_8.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_8.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_8.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_8.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_8.2?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.2.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.2.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.2.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22695",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:52.403246+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428825"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "RHBZ#2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/778",
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
}
],
"release_date": "2026-01-12T22:55:40.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T09:57:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4729"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read"
},
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:42.581146+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. An integer truncation flaw in the libpng simplified write API functions (`png_write_image_16bit`, `png_write_image_8bit`) can lead to a heap buffer over-read. Exploitation requires an application to process specially crafted input that provides a negative row stride or a stride exceeding 65535 bytes, potentially resulting in denial of service or information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "RHBZ#2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"release_date": "2026-01-12T22:57:58.288000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T09:57:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4729"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T09:57:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4729"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:libpng-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:4730
Vulnerability from csaf_redhat - Published: 2026-03-17 10:17 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: libpng security update
Severity
Important
Notes
Topic: An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.
6.1 (Medium)
Affected products
Fixed
57 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.
6.6 (Medium)
Affected products
Fixed
57 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
57 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)\n\n* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4730",
"url": "https://access.redhat.com/errata/RHSA-2026:4730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4730.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:51+00:00",
"generator": {
"date": "2026-05-20T22:00:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:4730",
"initial_release_date": "2026-03-17T10:17:07+00:00",
"revision_history": [
{
"date": "2026-03-17T10:17:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-17T10:17:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.2.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.2.i686",
"product_id": "libpng-2:1.6.34-8.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.2.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.2?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.2.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.2.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.2?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.2.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.2.src",
"product_id": "libpng-2:1.6.34-8.el8_6.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.2?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.2.ppc64le",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.2.ppc64le",
"product_id": "libpng-2:1.6.34-8.el8_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.2?arch=ppc64le\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.2?arch=ppc64le\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.2.aarch64",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.2.aarch64",
"product_id": "libpng-2:1.6.34-8.el8_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.2?arch=aarch64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.2?arch=aarch64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_6.2.s390x",
"product": {
"name": "libpng-2:1.6.34-8.el8_6.2.s390x",
"product_id": "libpng-2:1.6.34-8.el8_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_6.2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"product_id": "libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_6.2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_6.2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_6.2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_6.2?arch=s390x\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_6.2?arch=s390x\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22695",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:52.403246+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428825"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "RHBZ#2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/778",
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
}
],
"release_date": "2026-01-12T22:55:40.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T10:17:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4730"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read"
},
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:42.581146+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. An integer truncation flaw in the libpng simplified write API functions (`png_write_image_16bit`, `png_write_image_8bit`) can lead to a heap buffer over-read. Exploitation requires an application to process specially crafted input that provides a negative row stride or a stride exceeding 65535 bytes, potentially resulting in denial of service or information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "RHBZ#2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"release_date": "2026-01-12T22:57:58.288000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T10:17:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T10:17:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4730"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.AUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.E4S:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.aarch64",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.ppc64le",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.s390x",
"BaseOS-8.6.0.Z.E4S:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.src",
"BaseOS-8.6.0.Z.TUS:libpng-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-debugsource-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-devel-debuginfo-2:1.6.34-8.el8_6.2.x86_64",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.i686",
"BaseOS-8.6.0.Z.TUS:libpng-tools-debuginfo-2:1.6.34-8.el8_6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
RHSA-2026:4731
Vulnerability from csaf_redhat - Published: 2026-03-17 09:40 - Updated: 2026-05-20 22:00Summary
Red Hat Security Advisory: libpng security update
Severity
Important
Notes
Topic: An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.
6.1 (Medium)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.
6.6 (Medium)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Affected products
Fixed
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libpng is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.\n\nSecurity Fix(es):\n\n* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)\n\n* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4731",
"url": "https://access.redhat.com/errata/RHSA-2026:4731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4731.json"
}
],
"title": "Red Hat Security Advisory: libpng security update",
"tracking": {
"current_release_date": "2026-05-20T22:00:51+00:00",
"generator": {
"date": "2026-05-20T22:00:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:4731",
"initial_release_date": "2026-03-17T09:40:22+00:00",
"revision_history": [
{
"date": "2026-03-17T09:40:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-17T09:40:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T22:00:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.2.x86_64",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.2.x86_64",
"product_id": "libpng-2:1.6.34-8.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"product_id": "libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.2?arch=x86_64\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.2?arch=x86_64\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.2.i686",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.2.i686",
"product_id": "libpng-2:1.6.34-8.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-2:1.6.34-8.el8_4.2.i686",
"product": {
"name": "libpng-devel-2:1.6.34-8.el8_4.2.i686",
"product_id": "libpng-devel-2:1.6.34-8.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel@1.6.34-8.el8_4.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"product": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"product_id": "libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debugsource@1.6.34-8.el8_4.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product_id": "libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-debuginfo@1.6.34-8.el8_4.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product_id": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-devel-debuginfo@1.6.34-8.el8_4.2?arch=i686\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product_id": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng-tools-debuginfo@1.6.34-8.el8_4.2?arch=i686\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libpng-2:1.6.34-8.el8_4.2.src",
"product": {
"name": "libpng-2:1.6.34-8.el8_4.2.src",
"product_id": "libpng-2:1.6.34-8.el8_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libpng@1.6.34-8.el8_4.2?arch=src\u0026epoch=2"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.2.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.2.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.2.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
},
"product_reference": "libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22695",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:52.403246+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428825"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "RHBZ#2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/778",
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
}
],
"release_date": "2026-01-12T22:55:40.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T09:40:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4731"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read"
},
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:42.581146+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. An integer truncation flaw in the libpng simplified write API functions (`png_write_image_16bit`, `png_write_image_8bit`) can lead to a heap buffer over-read. Exploitation requires an application to process specially crafted input that provides a negative row stride or a stride exceeding 65535 bytes, potentially resulting in denial of service or information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "RHBZ#2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"release_date": "2026-01-12T22:57:58.288000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T09:40:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4731"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-17T09:40:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4731"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-debugsource-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-devel-debuginfo-2:1.6.34-8.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libpng-tools-debuginfo-2:1.6.34-8.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…