mingw-libpng-1.6.34-1.el8_10

Errata ID: AXSA:2026-015:01

Release date: 2026/01/08 Thursday - 18:03
Title: mingw-libpng-1.6.34-1.el8_10
Affected channels: Asianux Server 8 for x86_64
Severity: High
Description:

MinGW Windows Libpng library.

Security Fix(es):

* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-64720
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
CVE-2025-65018
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
CVE-2025-66293
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.

Solution:

Update packages.

Additional information:

N/A

Downloads:

SRPMS
  1. mingw-libpng-1.6.34-1.el8_10.src.rpm
    MD5: 3ee5a13db58670c8439f09c6f55d88b8
    SHA-256: 0663d639a6f8bf3a74ab7fb2e71f69a3f0c7857b520cc0c0505969e398d08b3b
    Size: 0.97 MB

Asianux Server 8 for x86_64
  1. mingw32-libpng-1.6.34-1.el8_10.noarch.rpm
    MD5: 44290a58cd79155edeed48b162d22308
    SHA-256: a0714d2d8f44e8bd2280fa93194cbdc260c17373e884c8b16e96a2644d6f4a43
    Size: 281.58 kB
  2. mingw32-libpng-static-1.6.34-1.el8_10.noarch.rpm
    MD5: 7fa3d0ba54a7a8b2bff2249de9c2369f
    SHA-256: b2958df03866c7c9591bde6ae17b31b3b0467155bb9d0e6a8657ba83cbe21f96
    Size: 99.54 kB
  3. mingw64-libpng-1.6.34-1.el8_10.noarch.rpm
    MD5: 8a1061a873250ba70c7d8f8f01057eb4
    SHA-256: b1e21a648794328cec059b9005dae5ad12c2c1e7d5133ecd25f3c9a270cfedc6
    Size: 287.31 kB
  4. mingw64-libpng-static-1.6.34-1.el8_10.noarch.rpm
    MD5: dd2165d20b43463a5ae8bedddc1a0787
    SHA-256: 80b4af2e0881de2a173695252201561f26ffb4d0930dc0ccf10c3e102dd383ea
    Size: 107.06 kB