Description:
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
libpng-devel-1.6.40-8.el10_1.2.aarch64.rpm |
29c453bfd62a70bccb7fe29e0aa60d08c4012e96cbe74b9eb19ba48d40ac9cdc |
| aarch64 |
libpng-1.6.40-8.el10_1.2.aarch64.rpm |
9c487d6364108e00457eea9fff054a03514356ca459da2671ecd6dd49344886d |
| ppc64le |
libpng-devel-1.6.40-8.el10_1.2.ppc64le.rpm |
2d6bcd1076c3322a71681e34010e83d3aab0c8345c6a6a1bca912c1c3bf25c47 |
| ppc64le |
libpng-1.6.40-8.el10_1.2.ppc64le.rpm |
c8fbd3c22b20bb81be3a026b0bae9e302f0249bfaebc3498382eec7423493892 |
| s390x |
libpng-devel-1.6.40-8.el10_1.2.s390x.rpm |
6818af0777bc74cf82743e92fff09ccc99ae9d0856afbcd003da018f96b59649 |
| s390x |
libpng-1.6.40-8.el10_1.2.s390x.rpm |
d8bb0e3a70f3f40a92b18195d73dfc54e959a5a9578f9e4157b846293775ea76 |
| x86_64 |
libpng-1.6.40-8.el10_1.2.x86_64.rpm |
4a6cbcc1891e63f6cec34644c3e9012aaa35363a40508b9100e94009058f27ed |
| x86_64 |
libpng-devel-1.6.40-8.el10_1.2.x86_64.rpm |
638dad50fe0c821a7cfff913cef410c6f797cab6d83503bc2a21e580d018d52b |
| x86_64_v2 |
libpng-1.6.40-8.el10_1.2.x86_64_v2.rpm |
6e443bb4d0641230b464233e40af651c18bf4aca3dae9dc5938d1d51ae1af24d |
| x86_64_v2 |
libpng-devel-1.6.40-8.el10_1.2.x86_64_v2.rpm |
d4068e19dafda2bff3249cc5b21227368ee8b2b7fe280ad2faa87152820dde5a |
