Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Fedora 44 Libpng Medium Use-After-Free Memory Bug 2026-67c1138ed2

fedora
Calendar Grey May 29, 2026
Dist Fedora Esm H88
Libpng Fedora 44 update addresses a medium severity use-after-free memory issue, ensuring PNG file manipulation integrity.
updated to 1.6.58 1.6.58 is released with a fix for a simple correctness bug (not a security issue) this time: png_get_PLTE() returns stale palette data when either gamma correctio...

Summary

The libpng package contains a library of functions for creating and

manipulating PNG (Portable Network Graphics) image format files. PNG

is a bit-mapped graphics format similar to the GIF format. PNG was

created to replace the GIF format, since GIF uses a patented data

compression algorithm.

Libpng should be installed if you need to manipulate PNG format image

files.

Update Information:

updated to 1.6.58 1.6.58 is released with a fix for a simple correctness bug (not a security issue) this time: png_get_PLTE() returns stale palette data when either gamma correction or alpha-compositing is the only transform applied. Like the issues addressed in the previous release, this bug was a regression introduced in the fix for CVE-2026-33416 in 1.6.56. 1.6.57 is released with fixes for the following security vulnerability: CVE-2026-34757 (medium severity): Use-after-free memory bug in the chunk setter API. The hIST variant has existed since version 1.0.9, but the PLTE and tRNS ones are regressions introduced in the fix for CVE-2026-33416 in 1.6.56 (oops).

Topics%20covered

Topics Covered

security advisory fedora libpng memory issue medium use-after-free

Change Log

* Thu May 21 2026 Michal Hlavinka - 2:1.6.58-1 - updated to 1.6.58 (#2456815)

References


[ 1 ] Bug #2460625 - CVE-2026-22020 libpng: OpenJDK: Update LibPNG (Oracle CPU 2026-04) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460625

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-67c1138ed2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
medium
Lowest
Low
Medium
High
Critical

Name: libpng
Product: Fedora 44
Version: 1.6.58
Release: 1.fc44
URL: http://www.libpng.org/pub/png/
Summary: A library of functions for manipulating PNG image format files

Topics%20covered

Topics Covered

security advisory fedora libpng memory issue medium use-after-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here