
Fedora 42 libpng Medium Heap Over-read and Overflow CVE-2026-168ebcb4a8

fedora
February 18, 2026
Critical updates for libpng 1.6 bring medium severity fixes for buffer over-reads and overflows in Fedora 42.

Summary

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.

Libpng should be installed if you need to manipulate PNG format image files.

Update Information:

Version 1.6.54 [January 12, 2026]
  Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in png_image_read_direct_scaled.
  Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in png_image_write_*.

Version 1.6.55 [February 9, 2026]
  Fixed CVE-2026-25646 (high severity): Heap buffer overflow in png_set_quantize.

Change Log

* Fri Feb 13 2026 Michal Hlavinka - 2:1.6.55-1
- updated to 1.6.55 (#2429529)

* Wed Feb 11 2026 Michal Hlavinka - 2:1.6.54-1
- updated to 1.6.54

* Fri Jan 16 2026 Fedora Release Engineering - 2:1.6.53-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2437248 - CVE-2026-22801 libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API [fedora-43]
      https://bugzilla.redhat.com/show_bug.cgi?id=2437248
[ 2 ] Bug #2438669 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2438669
[ 3 ] Bug #2438681 - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize [fedora-43]
      https://bugzilla.redhat.com/show_bug.cgi?id=2438681

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-168ebcb4a8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
medium

Name: libpng
Product: Fedora 42
Version: 1.6.55
Release: 1.fc42
Summary: A library of functions for manipulating PNG image format files
