libpng-1.6.37-12.el9_7.3
Errata ID: AXSA:2026-581:08
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-33636
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.
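The following C model is an added example, not libpng's code or the vendor's patch. It replays the backward chunked loop described above to show where an unchecked final partial chunk lands, next to a hardened expansion that handles the remainder per pixel. The chunk size of 8 and all function names are assumptions of the model.

```c
#include <stdio.h>
#include <string.h>
#define CHUNK 8 /* pixels per vector step: an assumption of this model */

/* Replays only the index arithmetic of a backward chunked loop and returns
 * the lowest source offset it would read; negative means before the row. */
long lowest_src_offset(size_t width, int guarded)
{
    long lowest = (long)width; /* nothing read yet */
    for (size_t done = 0; guarded ? done + CHUNK <= width : done < width;
         done += CHUNK)
        lowest = (long)width - (long)done - CHUNK; /* each step reaches lower */
    return lowest;
}

/* Hardened: row has width indices, room for 3*width; pal = 256 RGB triples. */
void expand_rgb(unsigned char *row, size_t width, const unsigned char *pal)
{
    size_t done = 0;
    for (; done + CHUNK <= width; done += CHUNK) { /* full chunks only */
        size_t s = width - done - CHUNK;           /* cannot underflow */
        unsigned char idx[CHUNK];
        memcpy(idx, row + s, CHUNK);               /* load before overwriting */
        for (size_t k = 0; k < CHUNK; k++)
            memcpy(row + 3 * (s + k), pal + 3 * idx[k], 3);
    }
    for (size_t i = width - done; i-- > 0; ) {     /* per-pixel tail */
        unsigned char v = row[i];
        memcpy(row + 3 * i, pal + 3 * v, 3);
    }
}

/* Constructed input (width <= 64) checked against a plain per-pixel lookup. */
int expansion_matches_reference(size_t width)
{
    unsigned char pal[768], row[192], want[192];
    for (int v = 0; v < 768; v++) pal[v] = (unsigned char)(v * 5);
    for (size_t i = 0; i < width; i++) {
        row[i] = (unsigned char)(i * 7);
        memcpy(want + 3 * i, pal + 3 * row[i], 3);
    }
    expand_rgb(row, width, pal);
    return memcmp(row, want, 3 * width) == 0;
}

int main(void)
{
    printf("%ld %ld\n", lowest_src_offset(10, 0), lowest_src_offset(10, 1));
    return expansion_matches_reference(10) ? 0 : 1;
}
```

For a 10-pixel row the unguarded loop's second step starts 6 bytes before the row, while rows whose width is a multiple of the chunk size never go below offset 0, which is why only some image widths reach the faulty iteration.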
Update packages.
SRPMS
- libpng-1.6.37-12.el9_7.3.src.rpm
MD5: de52905bf30fec47a39ea2562615738a
SHA-256: ca81db5e8f66f77f9d49dc61ef0c2628a5e8fa78ac3acdaa40aa2e9de2dd5196
Size: 1.47 MB
Asianux Server 9 for x86_64
- libpng-1.6.37-12.el9_7.3.i686.rpm
MD5: bdbf41f193405f4f661b19629d746aa4
SHA-256: eeb88cf5fa0d3380797559b9c75a49a3f1b02d0784f026e62c1db3fba9816aa0
Size: 124.02 kB
- libpng-1.6.37-12.el9_7.3.x86_64.rpm
MD5: 4a98e502712a2b0f5bb07abf86e79711
SHA-256: 3858a76d412dfebea82cf67a8b47d24a2c9b1ff0a091bc4fc08ac484a1ad98c9
Size: 115.39 kB
- libpng-devel-1.6.37-12.el9_7.3.i686.rpm
MD5: 0fc858f772256a1aa4981ff8a22f1870
SHA-256: 44a05a74eb4d2cb9b0deb5cac327e9357c2030f5f9ccbaefd8432f1d04bfc08b
Size: 294.76 kB
- libpng-devel-1.6.37-12.el9_7.3.x86_64.rpm
MD5: 0d28bcd62828e8e1e37e85bf7a1b54c6
SHA-256: 31f4dd35a980917f0c4ab6dac97dd012f15ce9242bce47c16a98635bd0e83a32
Size: 293.67 kB