Bug 2438542 (CVE-2026-25646) - CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize
Summary: CVE-2026-25646 libpng: LIBPNG has a heap buffer overflow in png_set_quantize
Keywords:
Status: NEW
Alias: CVE-2026-25646
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: high (priority) high (severity)
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2438653 2438654 2438656 2438657 2438659 2438660 2438661 2438662 2438664 2438665 2438666 2438667 2438668 2438674 2438675 2438676 2438677 2438678 2438679 2438680 2438686 2438655 2438658 2438663 2438669 2438670 2438671 2438672 2438673 2438681 2438682 2438683 2438684 2438685
Blocks:
Reported: 2026-02-10 18:01 UTC by OSIDB Bzimport
Modified: 2026-05-20 13:27 UTC (History)
CC List: 23 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:3432 0 None None None 2026-02-26 12:21:50 UTC
Red Hat Product Errata RHBA-2026:3433 0 None None None 2026-02-26 12:26:40 UTC
Red Hat Product Errata RHBA-2026:3466 0 None None None 2026-03-02 01:03:14 UTC
Red Hat Product Errata RHBA-2026:3467 0 None None None 2026-03-02 01:03:49 UTC
Red Hat Product Errata RHBA-2026:3650 0 None None None 2026-03-03 13:54:00 UTC
Red Hat Product Errata RHBA-2026:4783 0 None None None 2026-03-17 15:30:54 UTC
Red Hat Product Errata RHBA-2026:4784 0 None None None 2026-03-17 15:23:00 UTC
Red Hat Product Errata RHBA-2026:4941 0 None None None 2026-03-18 18:08:50 UTC
Red Hat Product Errata RHBA-2026:5367 0 None None None 2026-03-23 14:31:12 UTC
Red Hat Product Errata RHBA-2026:5377 0 None None None 2026-03-23 11:31:32 UTC
Red Hat Product Errata RHSA-2026:10097 0 None None None 2026-04-30 12:10:48 UTC
Red Hat Product Errata RHSA-2026:12274 0 None None None 2026-05-08 20:57:00 UTC
Red Hat Product Errata RHSA-2026:14773 0 None None None 2026-05-13 14:16:23 UTC
Red Hat Product Errata RHSA-2026:15087 0 None None None 2026-05-13 13:54:56 UTC
Red Hat Product Errata RHSA-2026:17596 0 None None None 2026-05-20 13:27:26 UTC
Red Hat Product Errata RHSA-2026:3031 0 None None None 2026-02-23 01:40:53 UTC
Red Hat Product Errata RHSA-2026:3405 0 None None None 2026-02-26 07:21:06 UTC
Red Hat Product Errata RHSA-2026:3551 0 None None None 2026-03-02 15:27:11 UTC
Red Hat Product Errata RHSA-2026:3573 0 None None None 2026-03-02 19:53:13 UTC
Red Hat Product Errata RHSA-2026:3574 0 None None None 2026-03-03 00:37:03 UTC
Red Hat Product Errata RHSA-2026:3575 0 None None None 2026-03-03 00:06:32 UTC
Red Hat Product Errata RHSA-2026:3576 0 None None None 2026-03-03 01:00:09 UTC
Red Hat Product Errata RHSA-2026:3577 0 None None None 2026-03-02 19:59:20 UTC
Red Hat Product Errata RHSA-2026:3968 0 None None None 2026-03-09 01:50:11 UTC
Red Hat Product Errata RHSA-2026:3969 0 None None None 2026-03-09 01:28:21 UTC
Red Hat Product Errata RHSA-2026:4221 0 None None None 2026-03-10 18:20:38 UTC
Red Hat Product Errata RHSA-2026:4222 0 None None None 2026-03-10 17:54:50 UTC
Red Hat Product Errata RHSA-2026:4306 0 None None None 2026-03-11 11:20:30 UTC
Red Hat Product Errata RHSA-2026:4728 0 None None None 2026-03-17 10:13:25 UTC
Red Hat Product Errata RHSA-2026:4729 0 None None None 2026-03-17 09:52:21 UTC
Red Hat Product Errata RHSA-2026:4730 0 None None None 2026-03-17 10:07:55 UTC
Red Hat Product Errata RHSA-2026:4731 0 None None None 2026-03-17 09:34:30 UTC
Red Hat Product Errata RHSA-2026:4732 0 None None None 2026-03-17 09:35:12 UTC
Red Hat Product Errata RHSA-2026:4756 0 None None None 2026-03-17 13:06:28 UTC
Red Hat Product Errata RHSA-2026:6439 0 None None None 2026-04-02 11:04:12 UTC
Red Hat Product Errata RHSA-2026:6445 0 None None None 2026-04-02 11:27:28 UTC
Red Hat Product Errata RHSA-2026:6466 0 None None None 2026-04-02 12:02:48 UTC
Red Hat Product Errata RHSA-2026:6467 0 None None None 2026-04-02 12:10:23 UTC
Red Hat Product Errata RHSA-2026:6468 0 None None None 2026-04-02 12:14:22 UTC
Red Hat Product Errata RHSA-2026:6469 0 None None None 2026-04-02 12:15:23 UTC
Red Hat Product Errata RHSA-2026:6553 0 None None None 2026-04-09 08:24:31 UTC
Red Hat Product Errata RHSA-2026:7032 0 None None None 2026-04-08 12:09:19 UTC
Red Hat Product Errata RHSA-2026:7033 0 None None None 2026-04-08 12:09:29 UTC
Red Hat Product Errata RHSA-2026:7034 0 None None None 2026-04-08 12:00:40 UTC
Red Hat Product Errata RHSA-2026:7035 0 None None None 2026-04-08 12:39:55 UTC
Red Hat Product Errata RHSA-2026:7036 0 None None None 2026-04-08 11:54:51 UTC
Red Hat Product Errata RHSA-2026:7239 0 None None None 2026-04-16 10:24:19 UTC
Red Hat Product Errata RHSA-2026:7243 0 None None None 2026-04-16 10:56:22 UTC

Description OSIDB Bzimport 2026-02-10 18:01:50 UTC
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
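The trigger precondition in the description above, turned into a triage script. This is an added example, not libpng code and not part of the bug report: it parses a PNG's chunk list directly (no libpng required), counts PLTE entries, and flags images on which a png_set_quantize() call made without a histogram would pass a palette larger than twice maximum_colors. The names palette, num_palette, maximum_colors and histogram follow the png_set_quantize() signature; the 1.6.55 cut-off is from the advisory; the sample image is constructed inline for the demo and is not a reproducer from the report. Because the description says only "certain palettes" loop, a hit from this script marks a candidate that needs a fixed build, not proven exploitability.

```python
"""Triage helper for CVE-2026-25646 (libpng png_set_quantize() out-of-bounds read).

Added example: not libpng code and not part of the bug report. It parses a PNG's
chunk list without libpng, counts PLTE entries, and reports whether calling
png_set_quantize() on the image with no histogram would meet the precondition
the advisory describes (palette larger than twice the display's colour limit).
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
FIXED_UPSTREAM_VERSION = (1, 6, 55)   # fix shipped in libpng 1.6.55 (advisory)
PNG_MAX_CHUNK_LENGTH = 2**31 - 1      # PNG spec limit on a chunk's length field


def iter_chunks(data: bytes):
    """Yield (type, payload) per chunk, checking lengths and the CRC over type+data."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if length > PNG_MAX_CHUNK_LENGTH:
            raise ValueError("chunk length exceeds PNG limit")
        body = data[pos + 8:pos + 8 + length]
        crc_field = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_field) != 4:
            raise ValueError(f"truncated {ctype!r} chunk")
        if struct.unpack(">I", crc_field)[0] != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            raise ValueError(f"CRC mismatch in {ctype!r} chunk")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            break


def palette_size(data: bytes) -> int:
    """Number of PLTE entries (3 bytes each, 1..256); 0 when the image has no palette."""
    for ctype, body in iter_chunks(data):
        if ctype == b"PLTE":
            if len(body) % 3 or not 1 <= len(body) // 3 <= 256:
                raise ValueError("malformed PLTE chunk")
            return len(body) // 3
    return 0


def quantize_call_is_risky(data: bytes, maximum_colors: int, histogram_supplied: bool) -> bool:
    """True when png_set_quantize(..., num_palette, maximum_colors, histogram, ...)
    on this image would hit the advisory's precondition: histogram == NULL and
    num_palette > 2 * maximum_colors. The advisory says only certain such palettes
    loop, so True marks a candidate for a fixed build, not proven exploitability."""
    if histogram_supplied:
        return False
    return palette_size(data) > 2 * maximum_colors


def libpng_is_fixed(version_string: str) -> bool:
    """Compare an upstream version string such as '1.6.55' with the fixed release.
    Only meaningful for upstream builds: distributions backport fixes without
    changing the version, so on RHEL check the package changelog for the CVE ID."""
    parts = tuple(int(p) for p in version_string.split(".")[:3])
    return parts >= FIXED_UPSTREAM_VERSION


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_paletted_png(num_palette: int) -> bytes:
    """Constructed 1x1, 8-bit, colour-type-3 PNG with num_palette PLTE entries.
    Sample input for the demo only; it is not an image from the advisory."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)  # w, h, depth, type, comp, filter, interlace
    plte = b"".join(bytes((i & 0xFF, (255 - i) & 0xFF, (i // 2) & 0xFF)) for i in range(num_palette))
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte 0, pixel index 0
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"PLTE", plte) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


if __name__ == "__main__":
    sample = build_paletted_png(256)          # largest palette the format allows
    print("PLTE entries:", palette_size(sample))
    for max_colors in (64, 128):
        print(f"max {max_colors} colours, no histogram ->",
              quantize_call_is_risky(sample, max_colors, histogram_supplied=False))
    print("upstream 1.6.54 fixed?", libpng_is_fixed("1.6.54"))
```

Run it as a script for the printed summary, or import palette_size() and quantize_call_is_risky() into a scan over an image corpus. Two caveats: applications that never call png_set_quantize(), or that always pass a histogram, do not reach the condition the description gives, so the script only matters for code paths that quantize without one; and on RHEL the upstream version number is not the signal, since the fix is backported, so confirm the errata listed for your product stream or run rpm -q --changelog libpng | grep CVE-2026-25646.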

Comment 1 errata-xmlrpc 2026-02-23 01:40:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:3031 https://access.redhat.com/errata/RHSA-2026:3031

Comment 2 errata-xmlrpc 2026-02-26 07:21:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:3405 https://access.redhat.com/errata/RHSA-2026:3405

Comment 3 errata-xmlrpc 2026-03-02 15:27:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:3551 https://access.redhat.com/errata/RHSA-2026:3551

Comment 4 errata-xmlrpc 2026-03-02 19:53:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:3573 https://access.redhat.com/errata/RHSA-2026:3573

Comment 5 errata-xmlrpc 2026-03-02 19:59:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:3577 https://access.redhat.com/errata/RHSA-2026:3577

Comment 6 errata-xmlrpc 2026-03-03 00:06:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:3575 https://access.redhat.com/errata/RHSA-2026:3575

Comment 7 errata-xmlrpc 2026-03-03 00:37:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:3574 https://access.redhat.com/errata/RHSA-2026:3574

Comment 8 errata-xmlrpc 2026-03-03 01:00:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:3576 https://access.redhat.com/errata/RHSA-2026:3576

Comment 9 errata-xmlrpc 2026-03-09 01:28:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:3969 https://access.redhat.com/errata/RHSA-2026:3969

Comment 10 errata-xmlrpc 2026-03-09 01:50:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:3968 https://access.redhat.com/errata/RHSA-2026:3968

Comment 11 errata-xmlrpc 2026-03-10 17:54:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:4222 https://access.redhat.com/errata/RHSA-2026:4222

Comment 12 errata-xmlrpc 2026-03-10 18:20:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4221 https://access.redhat.com/errata/RHSA-2026:4221

Comment 13 errata-xmlrpc 2026-03-11 11:20:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4306 https://access.redhat.com/errata/RHSA-2026:4306

Comment 14 errata-xmlrpc 2026-03-17 09:34:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:4731 https://access.redhat.com/errata/RHSA-2026:4731

Comment 15 errata-xmlrpc 2026-03-17 09:35:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:4732 https://access.redhat.com/errata/RHSA-2026:4732

Comment 16 errata-xmlrpc 2026-03-17 09:52:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:4729 https://access.redhat.com/errata/RHSA-2026:4729

Comment 17 errata-xmlrpc 2026-03-17 10:07:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:4730 https://access.redhat.com/errata/RHSA-2026:4730

Comment 18 errata-xmlrpc 2026-03-17 10:13:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4728 https://access.redhat.com/errata/RHSA-2026:4728

Comment 19 errata-xmlrpc 2026-03-17 13:06:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:4756 https://access.redhat.com/errata/RHSA-2026:4756

Comment 22 errata-xmlrpc 2026-04-02 11:04:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:6439 https://access.redhat.com/errata/RHSA-2026:6439

Comment 23 errata-xmlrpc 2026-04-02 11:27:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:6445 https://access.redhat.com/errata/RHSA-2026:6445

Comment 24 errata-xmlrpc 2026-04-02 12:02:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:6466 https://access.redhat.com/errata/RHSA-2026:6466

Comment 25 errata-xmlrpc 2026-04-02 12:10:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:6467 https://access.redhat.com/errata/RHSA-2026:6467

Comment 26 errata-xmlrpc 2026-04-02 12:14:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:6468 https://access.redhat.com/errata/RHSA-2026:6468

Comment 27 errata-xmlrpc 2026-04-02 12:15:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:6469 https://access.redhat.com/errata/RHSA-2026:6469

Comment 28 errata-xmlrpc 2026-04-08 11:54:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:7036 https://access.redhat.com/errata/RHSA-2026:7036

Comment 29 errata-xmlrpc 2026-04-08 12:00:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:7034 https://access.redhat.com/errata/RHSA-2026:7034

Comment 30 errata-xmlrpc 2026-04-08 12:09:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:7032 https://access.redhat.com/errata/RHSA-2026:7032

Comment 31 errata-xmlrpc 2026-04-08 12:09:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:7033 https://access.redhat.com/errata/RHSA-2026:7033

Comment 32 errata-xmlrpc 2026-04-08 12:39:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:7035 https://access.redhat.com/errata/RHSA-2026:7035

Comment 33 errata-xmlrpc 2026-04-09 08:24:29 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2026:6553 https://access.redhat.com/errata/RHSA-2026:6553

Comment 34 errata-xmlrpc 2026-04-16 10:24:17 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2026:7239 https://access.redhat.com/errata/RHSA-2026:7239

Comment 35 errata-xmlrpc 2026-04-16 10:56:19 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2026:7243 https://access.redhat.com/errata/RHSA-2026:7243

Comment 40 errata-xmlrpc 2026-04-30 12:10:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2026:10097 https://access.redhat.com/errata/RHSA-2026:10097

Comment 41 errata-xmlrpc 2026-05-08 20:56:58 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2026:12274 https://access.redhat.com/errata/RHSA-2026:12274

Comment 42 errata-xmlrpc 2026-05-13 13:54:54 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2026:15087 https://access.redhat.com/errata/RHSA-2026:15087

Comment 43 errata-xmlrpc 2026-05-13 14:16:21 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2026:14773 https://access.redhat.com/errata/RHSA-2026:14773

Comment 44 errata-xmlrpc 2026-05-20 13:27:23 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2026:17596 https://access.redhat.com/errata/RHSA-2026:17596

