mingw-libpng-1.6.34-1.el8_10
エラータID: AXSA:2026-015:01
リリース日:
2026/01/08 Thursday - 18:03
題名:
mingw-libpng-1.6.34-1.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libpng には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-64720)
- libpng には、ヒープベースのバッファオーバーフローの問題が
あるため、ローカルの攻撃者により、アプリケーションのクラッシュ、
および任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2025-65018)
- libpng には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-66293)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-64720
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
CVE-2025-65018
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
CVE-2025-66293
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
追加情報:
N/A
ダウンロード:
SRPMS
- mingw-libpng-1.6.34-1.el8_10.src.rpm
MD5: 3ee5a13db58670c8439f09c6f55d88b8
SHA-256: 0663d639a6f8bf3a74ab7fb2e71f69a3f0c7857b520cc0c0505969e398d08b3b
Size: 0.97 MB
Asianux Server 8 for x86_64
- mingw32-libpng-1.6.34-1.el8_10.noarch.rpm
MD5: 44290a58cd79155edeed48b162d22308
SHA-256: a0714d2d8f44e8bd2280fa93194cbdc260c17373e884c8b16e96a2644d6f4a43
Size: 281.58 kB - mingw32-libpng-static-1.6.34-1.el8_10.noarch.rpm
MD5: 7fa3d0ba54a7a8b2bff2249de9c2369f
SHA-256: b2958df03866c7c9591bde6ae17b31b3b0467155bb9d0e6a8657ba83cbe21f96
Size: 99.54 kB - mingw64-libpng-1.6.34-1.el8_10.noarch.rpm
MD5: 8a1061a873250ba70c7d8f8f01057eb4
SHA-256: b1e21a648794328cec059b9005dae5ad12c2c1e7d5133ecd25f3c9a270cfedc6
Size: 287.31 kB - mingw64-libpng-static-1.6.34-1.el8_10.noarch.rpm
MD5: dd2165d20b43463a5ae8bedddc1a0787
SHA-256: 80b4af2e0881de2a173695252201561f26ffb4d0930dc0ccf10c3e102dd383ea
Size: 107.06 kB
English