Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:3405 - Security Advisory
Issued:
2026-02-26
Updated:
2026-02-26

RHSA-2026:3405 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: libpng security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libpng is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

  • libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
  • libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
  • libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2428824 - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
  • BZ - 2428825 - CVE-2026-22695 libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read
  • BZ - 2438542 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

CVEs

  • CVE-2026-22695
  • CVE-2026-22801
  • CVE-2026-25646

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
libpng-1.6.37-12.el9_7.2.src.rpm SHA-256: ee557033d0e7472d41825b9c4b9f2b142857cfa17caf43d12d9ecf08c8a5e290
x86_64
libpng-1.6.37-12.el9_7.2.i686.rpm SHA-256: 40cfd8481a5f628e0441612ff957127807e2402c24cabb52abdaed0d7be552a0
libpng-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: 19b5cf6b3a14137a159ea956c61559fb776a72d251b6c60a4d4959cdd88db3d1
libpng-debuginfo-1.6.37-12.el9_7.2.i686.rpm SHA-256: a41351d03659f4033d1eb819ff6a03a9df46da69c498df4870d5b73b24bd3d4d
libpng-debuginfo-1.6.37-12.el9_7.2.i686.rpm SHA-256: a41351d03659f4033d1eb819ff6a03a9df46da69c498df4870d5b73b24bd3d4d
libpng-debuginfo-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: f3e9054454a4a4d7ec6bd29614732e343fb8697f8792b3a144f4fe59b36a3778
libpng-debuginfo-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: f3e9054454a4a4d7ec6bd29614732e343fb8697f8792b3a144f4fe59b36a3778
libpng-debugsource-1.6.37-12.el9_7.2.i686.rpm SHA-256: 3bcf1a56e6cad5f50fb4fad79679588a7261cc09429d6217105472883208788e
libpng-debugsource-1.6.37-12.el9_7.2.i686.rpm SHA-256: 3bcf1a56e6cad5f50fb4fad79679588a7261cc09429d6217105472883208788e
libpng-debugsource-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: 0223bb15d28cd814c119735fc8f15c92765d4ec47e7c1245969f89ed6125a8b1
libpng-debugsource-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: 0223bb15d28cd814c119735fc8f15c92765d4ec47e7c1245969f89ed6125a8b1
libpng-devel-1.6.37-12.el9_7.2.i686.rpm SHA-256: 6155f061c5532f2f14ba225242742f895a725707ca043afd2c37d656e88b9ace
libpng-devel-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: 189234b885417b9111d0fb09ae58a381e64afb35fa141254e318fadd9127bebf
libpng-devel-debuginfo-1.6.37-12.el9_7.2.i686.rpm SHA-256: 4aa68c5cc839ea390853e5c478e6de0dd75220abd01cfcc47eb37deaa9174619
libpng-devel-debuginfo-1.6.37-12.el9_7.2.i686.rpm SHA-256: 4aa68c5cc839ea390853e5c478e6de0dd75220abd01cfcc47eb37deaa9174619
libpng-devel-debuginfo-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: 7747b9b2d12df129542ada83afc4eb1aee1d67241fb5b458aeb73d616278a304
libpng-devel-debuginfo-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: 7747b9b2d12df129542ada83afc4eb1aee1d67241fb5b458aeb73d616278a304
libpng-tools-debuginfo-1.6.37-12.el9_7.2.i686.rpm SHA-256: 399ee5aa06c94a587d2c5b8764013154d335a9964f615b5e2791e9162c00185c
libpng-tools-debuginfo-1.6.37-12.el9_7.2.i686.rpm SHA-256: 399ee5aa06c94a587d2c5b8764013154d335a9964f615b5e2791e9162c00185c
libpng-tools-debuginfo-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: 992a1aa78892aaf1160074b9b122ceb9851aa2eebd80a04c129ecece86512d05
libpng-tools-debuginfo-1.6.37-12.el9_7.2.x86_64.rpm SHA-256: 992a1aa78892aaf1160074b9b122ceb9851aa2eebd80a04c129ecece86512d05

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
s390x
libpng-1.6.37-12.el9_7.2.s390x.rpm SHA-256: dde1fee027278ae568355e423e058db44271d84f18bb11255678477d4ef3385b
libpng-debuginfo-1.6.37-12.el9_7.2.s390x.rpm SHA-256: be71c4b88b4ec361903748fc95a71005bffb71a58d29c50cc59fcf4a3d533900
libpng-debugsource-1.6.37-12.el9_7.2.s390x.rpm SHA-256: d1ed271ecdb494d2d9ba4701386613a52b5941bb21ed0e877e485decdd3ee3a9
libpng-devel-1.6.37-12.el9_7.2.s390x.rpm SHA-256: 3cfa9f4904bbd351eeb66c85e36591473f86b3e6db014ca29a333a9b31044e5c
libpng-devel-debuginfo-1.6.37-12.el9_7.2.s390x.rpm SHA-256: 7fc007f4c19e81e6c984dfa7f64df905bf470c27f601f3a64c0b95a9ef00b89b
libpng-tools-debuginfo-1.6.37-12.el9_7.2.s390x.rpm SHA-256: 22a459009d55963ff8b1143f88cd5b47df127f9f26d7b47e20f21e50a84e1029

Red Hat Enterprise Linux for Power, little endian 9

SRPM
libpng-1.6.37-12.el9_7.2.src.rpm SHA-256: ee557033d0e7472d41825b9c4b9f2b142857cfa17caf43d12d9ecf08c8a5e290
ppc64le
libpng-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: db82e5bf347b2c72408d9153827bb903f65a51d6f83d810bd3ea1afe1131a937
libpng-debuginfo-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: 6cbc865eb13a22cc746e824d917e9af5589a4ab58ccb8771e2de15182a51e1bb
libpng-debuginfo-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: 6cbc865eb13a22cc746e824d917e9af5589a4ab58ccb8771e2de15182a51e1bb
libpng-debugsource-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: 1ee768ae6c9ad566a741be17aeb17babd053b8d979b7e7cae55e5c60f6eae4d0
libpng-debugsource-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: 1ee768ae6c9ad566a741be17aeb17babd053b8d979b7e7cae55e5c60f6eae4d0
libpng-devel-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: e7fd71e2abaaf2479059c668e780f8cb1bdbfb1dfff2c67b09cda97c131a86ed
libpng-devel-debuginfo-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: 28b464e6d675473497a27eb43daefd59fd46a86bfafa79189c369c51b82ee505
libpng-devel-debuginfo-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: 28b464e6d675473497a27eb43daefd59fd46a86bfafa79189c369c51b82ee505
libpng-tools-debuginfo-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: 9451edafc3ea05761869024157786a6bd2a79c8f5d7cb235c3ccede82513c081
libpng-tools-debuginfo-1.6.37-12.el9_7.2.ppc64le.rpm SHA-256: 9451edafc3ea05761869024157786a6bd2a79c8f5d7cb235c3ccede82513c081

Red Hat Enterprise Linux for ARM 64 9

SRPM
libpng-1.6.37-12.el9_7.2.src.rpm SHA-256: ee557033d0e7472d41825b9c4b9f2b142857cfa17caf43d12d9ecf08c8a5e290
aarch64
libpng-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: fdc3b1562a25f0d4e5d2ce45ea7d31de79fdd7e28043092be081cb19a285b0ee
libpng-debuginfo-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: 999baaf3712fff0ed6cf7a78070a73b5c3fa15a72d192e42510149db331895c5
libpng-debuginfo-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: 999baaf3712fff0ed6cf7a78070a73b5c3fa15a72d192e42510149db331895c5
libpng-debugsource-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: 49b2f029357932ba3e7bc5000896b2772a885d4304f07e479d384e5ac57f8439
libpng-debugsource-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: 49b2f029357932ba3e7bc5000896b2772a885d4304f07e479d384e5ac57f8439
libpng-devel-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: 931c34d500b24a439890f0b0409f6a5a04009254c73ce5f797c0da5ecc9bb0c5
libpng-devel-debuginfo-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: e43f2a370847544c54c87eb1cdf368fb461f04827ee85e655acee72e7bfeac15
libpng-devel-debuginfo-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: e43f2a370847544c54c87eb1cdf368fb461f04827ee85e655acee72e7bfeac15
libpng-tools-debuginfo-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: 4c1e15df2db86c7e71cf8bf1736c4666043a9e19e9aa1239dc995330f375cc10
libpng-tools-debuginfo-1.6.37-12.el9_7.2.aarch64.rpm SHA-256: 4c1e15df2db86c7e71cf8bf1736c4666043a9e19e9aa1239dc995330f375cc10

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility