
Fedora 42 libpng High Risk Use-after-free Out-of-Bounds Fix 2026-ba18a54554

fedora
April 16, 2026
Critical libpng update for Fedora 42 fixes high-severity threats from use-after-free and out-of-bounds bugs.

Summary

The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm.

Libpng should be installed if you need to manipulate PNG format image files.

Update Information:

Release 1.6.56 fixes the following two security vulnerabilities:

CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

The images that trigger these bugs are valid. Users are encouraged to update immediately.

Change Log

* Mon Apr 6 2026 Michal Hlavinka - 2:1.6.56-1 - updated to 1.6.56 (#2451569)

References


[ 1 ] Bug #2452116 - CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2452116

[ 2 ] Bug #2452144 - CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2452144

Update Instructions

This update can be installed with the "dnf" update program. At the command line, run:

    su -c 'dnf upgrade --advisory FEDORA-2026-ba18a54554'

For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
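To confirm the update reached every machine, the installed libpng build can be compared against the fixed one named in this advisory. The following is an added example, not part of the advisory or of Fedora's tooling: the host names and installed versions are constructed, and the comparison is a simplified form of rpm's version ordering that ignores '~' and '^'.

```python
import re

# Fixed build named in this advisory: epoch 2 (changelog "2:1.6.56-1"), release 1.fc42.
FIXED_EVR = "2:1.6.56-1.fc42"

# Constructed sample inventory (hypothetical hosts and versions), in the form printed by
#   rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' libpng
INVENTORY = {
    "build01": "2:1.6.55-1.fc42",
    "web02": "2:1.6.56-1.fc42",
    "ci03": "2:1.6.9-3.fc42",   # 9 < 56 numerically, though "9" > "56" as text
    "dev04": "2:1.6.56-2.fc42",
}

def parse_evr(evr):
    """Split 'epoch:version-release'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release

def vercmp(a, b):
    """Simplified rpm-style segment comparison (no '~' or '^' handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than letters
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def evr_cmp(a, b):
    """Return -1, 0 or 1 as EVR a is older than, equal to or newer than b."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return vercmp(va, vb) or vercmp(ra, rb)

def hosts_needing_update(inventory, fixed=FIXED_EVR):
    """Hosts whose libpng is older than the fixed build."""
    return sorted(h for h, evr in inventory.items() if evr_cmp(evr, fixed) < 0)

if __name__ == "__main__":
    for host in hosts_needing_update(INVENTORY):
        print(f"{host}: libpng {INVENTORY[host]} is older than {FIXED_EVR}")
```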

Severity: critical

Name: libpng
Product: Fedora 42
Version: 1.6.56
Release: 1.fc42
Summary: A library of functions for manipulating PNG image format files
