libpng-1.6.37-12.el9_7.3
エラータID: AXSA:2026-581:08
リリース日:
2026/05/11 Monday - 15:05
題名:
libpng-1.6.37-12.el9_7.3
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- libpng には、メモリ領域の範囲外アクセスの問題があるため、
リモートの攻撃者により、情報の漏洩、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2026-33636)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-33636
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.
追加情報:
N/A
ダウンロード:
SRPMS
- libpng-1.6.37-12.el9_7.3.src.rpm
MD5: de52905bf30fec47a39ea2562615738a
SHA-256: ca81db5e8f66f77f9d49dc61ef0c2628a5e8fa78ac3acdaa40aa2e9de2dd5196
Size: 1.47 MB
Asianux Server 9 for x86_64
- libpng-1.6.37-12.el9_7.3.i686.rpm
MD5: bdbf41f193405f4f661b19629d746aa4
SHA-256: eeb88cf5fa0d3380797559b9c75a49a3f1b02d0784f026e62c1db3fba9816aa0
Size: 124.02 kB - libpng-1.6.37-12.el9_7.3.x86_64.rpm
MD5: 4a98e502712a2b0f5bb07abf86e79711
SHA-256: 3858a76d412dfebea82cf67a8b47d24a2c9b1ff0a091bc4fc08ac484a1ad98c9
Size: 115.39 kB - libpng-devel-1.6.37-12.el9_7.3.i686.rpm
MD5: 0fc858f772256a1aa4981ff8a22f1870
SHA-256: 44a05a74eb4d2cb9b0deb5cac327e9357c2030f5f9ccbaefd8432f1d04bfc08b
Size: 294.76 kB - libpng-devel-1.6.37-12.el9_7.3.x86_64.rpm
MD5: 0d28bcd62828e8e1e37e85bf7a1b54c6
SHA-256: 31f4dd35a980917f0c4ab6dac97dd012f15ce9242bce47c16a98635bd0e83a32
Size: 293.67 kB
English