libpng-1.6.34-9.el8_10
エラータID: AXSA:2026-006:01
リリース日:
2026/01/08 Thursday - 11:27
題名:
libpng-1.6.34-9.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libpng には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-64720)
- libpng には、ヒープベースのバッファオーバーフローの問題が
あるため、ローカルの攻撃者により、アプリケーションのクラッシュ、
および任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2025-65018)
- libpng には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-66293)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-64720
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
CVE-2025-65018
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
CVE-2025-66293
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
追加情報:
N/A
ダウンロード:
SRPMS
- libpng-1.6.34-9.el8_10.src.rpm
MD5: 9fa750638e81622915587a8a2b8a52e3
SHA-256: 628968ec4366c8bc2ad07e012717de5fa34e3b52caf7492db485741e73b34d8b
Size: 0.99 MB
Asianux Server 8 for x86_64
- libpng-1.6.34-9.el8_10.i686.rpm
MD5: cad3e1668f3c32a90a8419f5c4b5e94e
SHA-256: ec227856471b8d4e5d9ce50895e2776c58833e44bd375d613909f7109e2b8255
Size: 135.62 kB - libpng-1.6.34-9.el8_10.x86_64.rpm
MD5: 0a693e2439098527353bb6080908707b
SHA-256: c723a58e633bac139a27442b9e8333218008577ff768a870536725561a0a9b71
Size: 125.77 kB - libpng-devel-1.6.34-9.el8_10.i686.rpm
MD5: f73755596cdef9127d1ed2b3da784381
SHA-256: b8a25ce664c97a257f77a77128a1f900d850687746b5b4549e3ced9ab7dc0078
Size: 327.26 kB - libpng-devel-1.6.34-9.el8_10.x86_64.rpm
MD5: 0103088569910ccb54a9dc0ee8d25a2f
SHA-256: 76de36854e5bcb0869500933b8dafd833e0d08ac6564a5c5bf6f4ad4d8929d93
Size: 326.92 kB
English