Alerts This Week
Warning Icon 1 815
Alerts This Week
Warning Icon 1 815

Fedora 43 libpng Addresses Medium Severity Memory Bug CVE-2026-34757

fedora
Calendar Grey June 2, 2026
Dist Fedora Esm H88
Fix for medium severity memory bug in libpng 1.6.58 for Fedora 43 addresses regressions and improves functionality.
updated to 1.6.58 1.6.58 is released with a fix for a simple correctness bug (not a security issue) this time: png_get_PLTE() returns stale palette data when either gamma correctio...

Summary

The libpng package contains a library of functions for creating and

manipulating PNG (Portable Network Graphics) image format files. PNG

is a bit-mapped graphics format similar to the GIF format. PNG was

created to replace the GIF format, since GIF uses a patented data

compression algorithm.

Libpng should be installed if you need to manipulate PNG format image

files.

Update Information:

updated to 1.6.58 1.6.58 is released with a fix for a simple correctness bug (not a security issue) this time: png_get_PLTE() returns stale palette data when either gamma correction or alpha-compositing is the only transform applied. Like the issues addressed in the previous release, this bug was a regression introduced in the fix for CVE-2026-33416 in 1.6.56. 1.6.57 is released with fixes for the following security vulnerability: CVE-2026-34757 (medium severity): Use-after-free memory bug in the chunk setter API. The hIST variant has existed since version 1.0.9, but the PLTE and tRNS ones are regressions introduced in the fix for CVE-2026-33416 in 1.6.56 (oops).

Topics%20covered

Topics Covered

security advisory fedora update libpng medium memory bug

Change Log

* Thu May 21 2026 Michal Hlavinka - 2:1.6.58-1 - updated to 1.6.58 (#2456815)

References


[ 1 ] Bug #2460625 - CVE-2026-22020 libpng: OpenJDK: Update LibPNG (Oracle CPU 2026-04) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2460625

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a109a9ac2c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
medium
Lowest
Low
Medium
High
Critical

Name: libpng
Product: Fedora 43
Version: 1.6.58
Release: 1.fc43
URL: http://www.libpng.org/pub/png/
Summary: A library of functions for manipulating PNG image format files

Topics%20covered

Topics Covered

security advisory fedora update libpng medium memory bug

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here