Bug 2451805 (CVE-2026-33416)
| Summary: | CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | ahughes, caswilli, fferrari, gotiwari, jgrulich, jhorak, kaycoth, khosford, kshier, mtorre, mvyas, pjindal, stcannon, teagle, tfitzsim, tpopela, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2452135, 2452136, 2452137, 2452138, 2452149, 2452150, 2452151, 2452152, 2452153, 2452154, 2452156, 2452157, 2452159, 2452139, 2452140, 2452141, 2452142, 2452143, 2452144, 2452145, 2452146, 2452147, 2452148, 2452155, 2452158 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-03-26 18:02:19 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:7672 https://access.redhat.com/errata/RHSA-2026:7672 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:7671 https://access.redhat.com/errata/RHSA-2026:7671 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:8052 https://access.redhat.com/errata/RHSA-2026:8052 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:8459 https://access.redhat.com/errata/RHSA-2026:8459 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:9345 https://access.redhat.com/errata/RHSA-2026:9345 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:9638 https://access.redhat.com/errata/RHSA-2026:9638 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2026:11805 https://access.redhat.com/errata/RHSA-2026:11805 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:11813 https://access.redhat.com/errata/RHSA-2026:11813 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:12264 https://access.redhat.com/errata/RHSA-2026:12264 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:13342 https://access.redhat.com/errata/RHSA-2026:13342 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:13412 https://access.redhat.com/errata/RHSA-2026:13412 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:13533 https://access.redhat.com/errata/RHSA-2026:13533 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:13596 https://access.redhat.com/errata/RHSA-2026:13596 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:13582 https://access.redhat.com/errata/RHSA-2026:13582 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:13583 https://access.redhat.com/errata/RHSA-2026:13583 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:13600 https://access.redhat.com/errata/RHSA-2026:13600 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:13665 https://access.redhat.com/errata/RHSA-2026:13665 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:13682 https://access.redhat.com/errata/RHSA-2026:13682 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:13683 https://access.redhat.com/errata/RHSA-2026:13683 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:13922 https://access.redhat.com/errata/RHSA-2026:13922 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:13977 https://access.redhat.com/errata/RHSA-2026:13977 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:14223 https://access.redhat.com/errata/RHSA-2026:14223 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:14303 https://access.redhat.com/errata/RHSA-2026:14303 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:15889 https://access.redhat.com/errata/RHSA-2026:15889 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:18028 https://access.redhat.com/errata/RHSA-2026:18028 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:18064 https://access.redhat.com/errata/RHSA-2026:18064 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:20550 https://access.redhat.com/errata/RHSA-2026:20550 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:20549 https://access.redhat.com/errata/RHSA-2026:20549 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:20551 https://access.redhat.com/errata/RHSA-2026:20551 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:20548 https://access.redhat.com/errata/RHSA-2026:20548 |