libpng-1.6.34-10.el8_10
エラータID: AXSA:2026-342:07
リリース日:
2026/03/21 Saturday - 13:40
題名:
libpng-1.6.34-10.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libpng の png_image_finish_read() 簡易 API 関数には、ヒープ
領域の範囲外読み取りの問題があるため、ローカルの攻撃者により、
8 ビット出力フォーマットで最小行ストライドではないように細工
されたインターレース 16 ビットデータを持つ PNG 形式のファイルの
処理を介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2026-22695)
- libpng の png_write_image_16bit()、および png_write_image_8bit()
書き込み API 関数には、ヒープ領域の範囲外読み取りの問題があるため、
ローカルの攻撃者により、ボトムアップ画像レイアウト、もしくは 65535
バイトを超えるようなストライドを持つ PNG 形式の画像ファイルの処理を
介して、情報の漏洩、およびサービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2026-22801)
- libpng には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2026-25646)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-22695
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
CVE-2026-22801
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
追加情報:
N/A
ダウンロード:
SRPMS
- libpng-1.6.34-10.el8_10.src.rpm
MD5: f02b14b6d27b2951d25d6f7b35ba4757
SHA-256: 4f50ca237eecfcdbad733cb654930d76c89bb40927d98d817b834e057714b4f4
Size: 0.99 MB
Asianux Server 8 for x86_64
- libpng-1.6.34-10.el8_10.i686.rpm
MD5: 21d98b516a03d6faa542996ae0677ec6
SHA-256: eb27c0fda7578e8db986c0ed8e8954c9d62515ffdc390f79f8cb3620f9eaa1dd
Size: 135.79 kB - libpng-1.6.34-10.el8_10.x86_64.rpm
MD5: 7d38f746cbb3ea242013eeed7e6559df
SHA-256: c1b2e1f313209d3b2e0ad3cd4f70d431a4de63e00986e4c5f2b9b670fb0828fd
Size: 126.09 kB - libpng-devel-1.6.34-10.el8_10.i686.rpm
MD5: 8ebfca9cd9daca414a4776ea6dbb500d
SHA-256: 905b63beb77ff030eedcf4f5b785db8ce0a25d356a1e83575b66b7c8ad471bc9
Size: 327.55 kB - libpng-devel-1.6.34-10.el8_10.x86_64.rpm
MD5: def9883ba70a59d40d111ca21aed4265
SHA-256: e69f189545cf29bd6f5eaf3a0b3f00202adae74adf4168b10d807d98c88e3495
Size: 327.20 kB
English