Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 44 libpng High Use-after-Free Out-of-Bounds 2026-c6c617fe35

fedora
Calendar Grey April 25, 2026
Dist Fedora Esm H88
Libpng 1.6.56 for Fedora 44 addresses critical high-severity security issues from CVE-2026-33416 and CVE-2026-33636.
1.6.56 is release fixes for the following two security vulnerabilities: CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code

Summary

The libpng package contains a library of functions for creating and

manipulating PNG (Portable Network Graphics) image format files. PNG

is a bit-mapped graphics format similar to the GIF format. PNG was

created to replace the GIF format, since GIF uses a patented data

compression algorithm.

Libpng should be installed if you need to manipulate PNG format image

files.

Update Information:

1.6.56 is release fixes for the following two security vulnerabilities: CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code. Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another. CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette-expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36. The images that trigger these bugs are valid. Users are encouraged to update immediately.

Topics%20covered

Topics Covered

security advisory fedora high out-of-bounds use-after-free palette-handling

Change Log

* Mon Apr 6 2026 Michal Hlavinka - 2:1.6.56-1 - updated to 1.6.56 (#2451569)

References

Fedora Update Notification FEDORA-2026-c6c617fe35 2026-04-25 01:21:36.172156+00:00 Name : libpng Product : Fedora 44 Version : 1.6.56 Release : 1.fc44 URL : http://www.libpng.org/pub/png/ Summary : A library of functions for manipulating PNG image format files Description : The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng should be installed if you need to manipulate PNG format image files.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c6c617fe35' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libpng
Product: Fedora 44
Version: 1.6.56
Release: 1.fc44
URL: http://www.libpng.org/pub/png/
Summary: A library of functions for manipulating PNG image format files

Topics%20covered

Topics Covered

security advisory fedora high out-of-bounds use-after-free palette-handling

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here