libpng-1.6.37-12.el9_7.1
エラータID: AXSA:2026-022:03
リリース日:
2026/01/09 Friday - 10:49
題名:
libpng-1.6.37-12.el9_7.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libpng には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-64720)
- libpng には、ヒープベースのバッファオーバーフローの問題が
あるため、ローカルの攻撃者により、アプリケーションのクラッシュ、
および任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2025-65018)
- libpng には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-66293)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-64720
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.
CVE-2025-65018
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
CVE-2025-66293
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
追加情報:
N/A
ダウンロード:
SRPMS
- libpng-1.6.37-12.el9_7.1.src.rpm
MD5: 79d416243f9c0fa3eeb5a2743dd5504c
SHA-256: caef96d0ba3a9706da161ea56d3573718a30cdbad74990b6b90ed61d5ab2b5c1
Size: 1.46 MB
Asianux Server 9 for x86_64
- libpng-1.6.37-12.el9_7.1.i686.rpm
MD5: 639c68ca1981da28e12fe075c30dd072
SHA-256: e57a97834292026dc76a107713ec8a9028abe8b825ad9c434266efb804171eec
Size: 123.60 kB - libpng-1.6.37-12.el9_7.1.x86_64.rpm
MD5: 4485d5ad53aaedc5c50ae57a230098c8
SHA-256: 2a36294d00d2d527500aa9b5a7d2b1f588ba2c5977b4838cfecdd461de4f33f1
Size: 114.93 kB - libpng-devel-1.6.37-12.el9_7.1.i686.rpm
MD5: 9995a27a8eb6bcdc3caafe37bf5e8751
SHA-256: 78e95bbe178ca75dc067f06f2f5fc98e9ac66a7639336bac9ebbb95ddc6cdf19
Size: 294.28 kB - libpng-devel-1.6.37-12.el9_7.1.x86_64.rpm
MD5: a1944c0eceb03ced466fb0f8d216ca25
SHA-256: e5474954721b70f1e9fc97e94d0456679231dda957a82af7f5c5c0e2001fe9bd
Size: 293.23 kB
English