Issued:: 2026-01-08
Updated:: 2026-01-08

RHSA-2026:0323 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libpng security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libpng is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

libpng: LIBPNG buffer overflow (CVE-2025-64720)
libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2416904 - CVE-2025-64720 libpng: LIBPNG buffer overflow
BZ - 2416907 - CVE-2025-65018 libpng: LIBPNG heap buffer overflow
BZ - 2418711 - CVE-2025-66293 libpng: LIBPNG out-of-bounds read in png_image_read_composite

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
libpng-1.6.34-8.el8_2.1.src.rpm	SHA-256: 9a0b903a53b77bc690504a752ce631927091aa7810e22daf034592735568e262
x86_64
libpng-1.6.34-8.el8_2.1.i686.rpm	SHA-256: 566001ee808f5fb1ba2f0e9c47518b91261a93338d849c06ed27579aaf1b7e15
libpng-1.6.34-8.el8_2.1.x86_64.rpm	SHA-256: 1468497396f4af70cb91646860ced06a3e75bfcfffd08202d70254d26e213192
libpng-debuginfo-1.6.34-8.el8_2.1.i686.rpm	SHA-256: 024624d615d07da50257673ab5b77a328c0868d9ee2208a8b1127a0bc57cbd16
libpng-debuginfo-1.6.34-8.el8_2.1.x86_64.rpm	SHA-256: 498a0b3cd7f29c8074ecb8d639ede7aca9865da4f6e6409a262fd65b48698f59
libpng-debugsource-1.6.34-8.el8_2.1.i686.rpm	SHA-256: 9d131f4558ca0db5f93339abd61e8ab9db298743aa57db025f2b7e3db22c4b90
libpng-debugsource-1.6.34-8.el8_2.1.x86_64.rpm	SHA-256: 2fa17d15429565b2c1e6d1c7f421c272c47b42b2723d2374a6d5a2ad1f5ebc17
libpng-devel-1.6.34-8.el8_2.1.i686.rpm	SHA-256: 16f6c5f8624834db5f26ef41d0958b76fa7ebc63f8052cfa1afdb767f7ec3544
libpng-devel-1.6.34-8.el8_2.1.x86_64.rpm	SHA-256: a08673b68d2c9440cd44ff7552a486e64d0cc5bf3eab98a8da5e8c903c1a79ed
libpng-devel-debuginfo-1.6.34-8.el8_2.1.i686.rpm	SHA-256: a1d0ac6dde85302601b659dce6b5dea51fcec86ea92e60947b4c650ed0a609c9
libpng-devel-debuginfo-1.6.34-8.el8_2.1.x86_64.rpm	SHA-256: 4cf57cc8f77e12d9c8657b617365ce6a82255a9021abffc9aab1c73d3ff705b8
libpng-tools-debuginfo-1.6.34-8.el8_2.1.i686.rpm	SHA-256: 4b442383a13126356640b50984b1ca9ae0f1089371775ad03ed29ca1c06b2fb4
libpng-tools-debuginfo-1.6.34-8.el8_2.1.x86_64.rpm	SHA-256: 1db9ae5e16cfa017f4af37939c73f9658fc7bf3c197672e0af70ec1ff4392356

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation