ALSA-2026:4306

[ALSA-2026:4306] Important: mingw-libpng security update

Type:

security

Severity:

important

Release date:

2026-03-13

Description:

MinGW Windows Libpng library.  

Security Fix(es):  

  * libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
  * libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
  * libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
noarch	mingw32-libpng-static-1.6.34-2.el8_10.noarch.rpm	1b4e866aa9f12c2b2a8503a8ece57d9e31c842b3c25daa95087424b216072618
noarch	mingw32-libpng-1.6.34-2.el8_10.noarch.rpm	6629fc3c6dac20f23fbfdf09f1a9f6c186a37da8dce090e014bfc8e19fda9dd3
noarch	mingw64-libpng-1.6.34-2.el8_10.noarch.rpm	6b85fa312b59c2397301d6448c684841831e6083445797611d5a055b6e9adfb3
noarch	mingw64-libpng-static-1.6.34-2.el8_10.noarch.rpm	e201770a44f5e037fcc204982c4aa02ebcba03dd6295ed9ff60025246890cad1

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.