Issued:: 2026-03-17
Updated:: 2026-03-17

RHSA-2026:4732 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libpng security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libpng is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2428824 - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
BZ - 2428825 - CVE-2026-22695 libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read
BZ - 2438542 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
libpng-1.6.34-8.el8_2.2.src.rpm	SHA-256: c90edfcd7248ded717e8c4bcf6c6f1d639ccc8ffa5a94a14a018324420c4994a
x86_64
libpng-1.6.34-8.el8_2.2.i686.rpm	SHA-256: 4765a9a8423491352c34c3abcc60500f7f57529c74956e79a7a0dde290f1e737
libpng-1.6.34-8.el8_2.2.x86_64.rpm	SHA-256: 35788db6ce499cc0faaea57e893f1a68a2fce890be10a5d4119e3b883b11c1be
libpng-debuginfo-1.6.34-8.el8_2.2.i686.rpm	SHA-256: 22f894f362f7c3a834520bb9635fe38212b6305ea87b521fa3da7089d85e573e
libpng-debuginfo-1.6.34-8.el8_2.2.x86_64.rpm	SHA-256: e1148a026801a05a5c12b25a2f4b30c979c7e242cb572d95ec330a5e53e534b2
libpng-debugsource-1.6.34-8.el8_2.2.i686.rpm	SHA-256: 3ffa33e9ab9a59fc0af686d919112fc18ee301200644dc35b7b16b1b827701f2
libpng-debugsource-1.6.34-8.el8_2.2.x86_64.rpm	SHA-256: c9ae356409724c7ee4d33f83d8a130470b77de953c0adcd20397cea66e6059e0
libpng-devel-1.6.34-8.el8_2.2.i686.rpm	SHA-256: 964c22d72e4976660f7e1a215fcce9f9f1c2b8e5ad2b4878494785b6c8f7e47c
libpng-devel-1.6.34-8.el8_2.2.x86_64.rpm	SHA-256: b049ce663dc5a368eefea7ea3ce274f15259492eda9bdf469705084d5a4c5479
libpng-devel-debuginfo-1.6.34-8.el8_2.2.i686.rpm	SHA-256: f98606cb6f00643ee50cec57294873ac8d6ff2d4c1b684126944c215da21cb39
libpng-devel-debuginfo-1.6.34-8.el8_2.2.x86_64.rpm	SHA-256: 31983b49e038984e833959b423bc1e4bc4dc166d5cf41dec6665d91a546eaf7f
libpng-tools-debuginfo-1.6.34-8.el8_2.2.i686.rpm	SHA-256: 565d5b1ed28d87071d071c94f80a1512cf3a9d5188fe495421f9b30a5282e0dc
libpng-tools-debuginfo-1.6.34-8.el8_2.2.x86_64.rpm	SHA-256: 704229dd16e36428de1032ff41dbcd48de6675642b5a6c07ad162ef2ee5410af

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation