Description:
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
libpng-devel-1.6.37-12.el9_7.2.aarch64.rpm |
01748dcd9c6c9a294038709b9b0dd7672bfb0c5b657118490a69c06a0c91dac1 |
| aarch64 |
libpng-1.6.37-12.el9_7.2.aarch64.rpm |
caf352c949c97adb6d63bab87ebe9593f302170ea904fe439ef4412db4ab2b4d |
| i686 |
libpng-devel-1.6.37-12.el9_7.2.i686.rpm |
0c704b37749c27fb4f129158a5bd4dc9a5c964f4f67979d7be77cfc5b1b6d26f |
| i686 |
libpng-1.6.37-12.el9_7.2.i686.rpm |
d79a53dd492239df6285e3118c5e3c57417e2738e06183d45cbd9be968fc408b |
| ppc64le |
libpng-1.6.37-12.el9_7.2.ppc64le.rpm |
c1d6c93b150726362b703f9e263369e1ea9ac59c3e8345b83a8460e9d8825bfe |
| ppc64le |
libpng-devel-1.6.37-12.el9_7.2.ppc64le.rpm |
f77d5de41fb42e79d20b008a88ceb086027209b3284bc1d5e6848467df534fba |
| s390x |
libpng-1.6.37-12.el9_7.2.s390x.rpm |
8066d24a06a04e640faf2330c44b7ffec3f58439d6bd35cab6b61773035b659e |
| s390x |
libpng-devel-1.6.37-12.el9_7.2.s390x.rpm |
adb06d262131f487cf31fa585972166c4fe97f040bba0ccfee0cf2ba7d6b6ba8 |
| x86_64 |
libpng-1.6.37-12.el9_7.2.x86_64.rpm |
0091dcf5df650a127f06d364c152b36dbde38a417d88372511ddd92ffffdee6a |
| x86_64 |
libpng-devel-1.6.37-12.el9_7.2.x86_64.rpm |
0ba9c4bb118d9df97fdc0b98612cca371105d637f7e64828f6ef6678a41357fe |
