RLSA-2026:0238

Details

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

libpng: LIBPNG buffer overflow (CVE-2025-64720)
libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Packages

Rocky Linux:9libpng

Fixed in:

2:1.6.37-12.el9_7.1

References

REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2416904 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2416907 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2418711 ADVISORYhttps://errata.rockylinux.org/RLSA-2026:0238

RLSA-2026:0238

Details

Affected Packages

References

CVSS Analysis

Upstream

Ecosystems

Credits

Timeline