Description:
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
libpng-1.6.34-10.el8_10.aarch64.rpm |
2ca83b6e9414aa7ff5bf7ef228d080468ac59451d8e8b9d58a0d2c9ca135d1da |
| aarch64 |
libpng-devel-1.6.34-10.el8_10.aarch64.rpm |
b4a3396f3bebc6b8f522afc450899343be4a95735d3e2cd96a295d5d8d25c28c |
| i686 |
libpng-devel-1.6.34-10.el8_10.i686.rpm |
26e16b65d6841538afb344a70aad235c7427cef4e1f966cddfdfffe3cbffb896 |
| i686 |
libpng-1.6.34-10.el8_10.i686.rpm |
dcbaf7a04a6f9c06fa042d0bd9fff0e117909cc0fd8e674b899d3d7f6fe17bb5 |
| ppc64le |
libpng-devel-1.6.34-10.el8_10.ppc64le.rpm |
b0d2d4000f8d187655d0b6e754a92b9054a8195c60f8bad3b7875e8321d04800 |
| ppc64le |
libpng-1.6.34-10.el8_10.ppc64le.rpm |
cab5b0eb1b83f68197423a2c9224ee2a9136b8da82506351055df692bddce62e |
| s390x |
libpng-1.6.34-10.el8_10.s390x.rpm |
ba0ea8c0424f9661a10436ab09576d3abc9b857244b496fe9aadf33b2db43bfe |
| s390x |
libpng-devel-1.6.34-10.el8_10.s390x.rpm |
f6c74a58237b7ef2d84c87a92bd62a155926b31cb499c99454af3a41e69b9a1f |
| x86_64 |
libpng-devel-1.6.34-10.el8_10.x86_64.rpm |
5e744c76a2d8bb6a6e592a9b538add271add51015b90fe00fa911157e2f0e954 |
| x86_64 |
libpng-1.6.34-10.el8_10.x86_64.rpm |
5ef6275ead9329486dd0e19d3b66f52c689a350dce1ac046095699eb2dbacf55 |
