libpng-1.6.34-10.el8_10
Errata ID: AXSA:2026-342:07
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-22695
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
CVE-2026-22801
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes a heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
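The stride truncation described for CVE-2026-22801, modelled as an added example (this is not libpng's code and not part of the advisory). It assumes the faulty cast narrows the per-row byte step to an unsigned 16-bit value, consistent with the 65535-byte limit stated above, and that a bottom-up write starts at the row stored last in the buffer; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed defect model: the row step is narrowed to 16 bits (unsigned)
 * before it is added to the row pointer. */
static ptrdiff_t truncated_step(ptrdiff_t row_bytes)
{
    return (ptrdiff_t)(uint16_t)row_bytes;
}

/* Caller-side guard: 1 if the stride is unchanged by the narrowing
 * (0..65535 bytes); negative and larger strides return 0. */
static int stride_survives_truncation(ptrdiff_t row_bytes)
{
    return truncated_step(row_bytes) == row_bytes;
}

/* Byte offset, from the start of the caller's buffer, of the last row the
 * writer visits (height >= 1). Assumption: for a negative stride the writer
 * starts at the row stored last in memory and adds the step per row. */
static long long last_row_offset(unsigned height, ptrdiff_t row_bytes, int buggy)
{
    long long mag = row_bytes < 0 ? -(long long)row_bytes : row_bytes;
    long long first = row_bytes < 0 ? (long long)(height - 1) * mag : 0;
    long long step = buggy ? truncated_step(row_bytes) : row_bytes;
    return first + (long long)(height - 1) * step;
}

int main(void)
{
    /* Constructed input: 4 rows of 400 bytes, stored bottom-up. */
    unsigned height = 4;
    ptrdiff_t stride = -400;
    long long size = (long long)height * 400;

    printf("buffer size        : %lld\n", size);
    printf("intended last row  : %lld\n", last_row_offset(height, stride, 0));
    printf("truncated last row : %lld\n", last_row_offset(height, stride, 1));
    printf("stride -400 ok     : %d\n", stride_survives_truncation(-400));
    printf("stride 70000 ok    : %d\n", stride_survives_truncation(70000));
    printf("stride 400 ok      : %d\n", stride_survives_truncation(400));
    return 0;
}
```

In this model the intended walk over the bottom-up buffer ends at offset 0, while the truncated step of 65136 moves forward and ends far beyond the 1600-byte buffer.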
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
Update packages.
SRPMS
- libpng-1.6.34-10.el8_10.src.rpm
MD5: f02b14b6d27b2951d25d6f7b35ba4757
SHA-256: 4f50ca237eecfcdbad733cb654930d76c89bb40927d98d817b834e057714b4f4
Size: 0.99 MB
Asianux Server 8 for x86_64
- libpng-1.6.34-10.el8_10.i686.rpm
MD5: 21d98b516a03d6faa542996ae0677ec6
SHA-256: eb27c0fda7578e8db986c0ed8e8954c9d62515ffdc390f79f8cb3620f9eaa1dd
Size: 135.79 kB
- libpng-1.6.34-10.el8_10.x86_64.rpm
MD5: 7d38f746cbb3ea242013eeed7e6559df
SHA-256: c1b2e1f313209d3b2e0ad3cd4f70d431a4de63e00986e4c5f2b9b670fb0828fd
Size: 126.09 kB
- libpng-devel-1.6.34-10.el8_10.i686.rpm
MD5: 8ebfca9cd9daca414a4776ea6dbb500d
SHA-256: 905b63beb77ff030eedcf4f5b785db8ce0a25d356a1e83575b66b7c8ad471bc9
Size: 327.55 kB
- libpng-devel-1.6.34-10.el8_10.x86_64.rpm
MD5: def9883ba70a59d40d111ca21aed4265
SHA-256: e69f189545cf29bd6f5eaf3a0b3f00202adae74adf4168b10d807d98c88e3495
Size: 327.20 kB