libpng-1.6.37-12.el9_7.2
エラータID: AXSA:2026-246:05
リリース日:
2026/03/03 Tuesday - 11:06
題名:
libpng-1.6.37-12.el9_7.2
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libpng の png_image_finish_read() 簡易 API 関数には、ヒープ
領域の範囲外読み取りの問題があるため、ローカルの攻撃者により、
8 ビット出力フォーマットで最小行ストライドではないように細工
されたインターレース 16 ビットデータを持つ PNG 形式のファイルの
処理を介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2026-22695)
- libpng の png_write_image_16bit()、および png_write_image_8bit()
書き込み API 関数には、ヒープ領域の範囲外読み取りの問題があるため、
ローカルの攻撃者により、ボトムアップ画像レイアウト、もしくは 65535
バイトを超えるようなストライドを持つ PNG 形式の画像ファイルの処理を
介して、情報の漏洩、およびサービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2026-22801)
- libpng には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2026-25646)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-22695
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
CVE-2026-22801
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
追加情報:
N/A
ダウンロード:
SRPMS
- libpng-1.6.37-12.el9_7.2.src.rpm
MD5: a943126358c0c8c9963601fabfc29528
SHA-256: bd09c298d5a7f3ed89601a601b806f0dd51f0d30906f4a26ad54a4fbe4e3ad12
Size: 1.46 MB
Asianux Server 9 for x86_64
- libpng-1.6.37-12.el9_7.2.i686.rpm
MD5: 81b16252aeec9a283fbdbe0daacb5b41
SHA-256: a2751f6c9170e55764ea9a009690c6d5ca95ce91bf4e43d1c3da72cdea1d61bf
Size: 123.89 kB - libpng-1.6.37-12.el9_7.2.x86_64.rpm
MD5: 42d24c10d91258185c5fa0cf04da308c
SHA-256: 6a69df8db3e88e920d74c9ca831dbbdcfac2a09c4b2fe25b5bb8ce94e0196459
Size: 115.28 kB - libpng-devel-1.6.37-12.el9_7.2.i686.rpm
MD5: 5008d82612729131a093ad70d2c59cff
SHA-256: 70c9d0d6fd5df5ff8c44d4db6cb6055ae048624dcb507ffb02c050e5cfb1043a
Size: 294.58 kB - libpng-devel-1.6.37-12.el9_7.2.x86_64.rpm
MD5: 14cdeed0cc3ed6e7232326b58407b585
SHA-256: dcc1b273f86f40d267fb145f087d3c9d85deca072325ddaad04f49b598a21d48
Size: 293.50 kB
English