2460045 – (CVE-2026-22020) CVE-2026-22020 openjdk: OpenJDK: Update LibPNG (Oracle CPU 2026-04)

Bug 2460045 (CVE-2026-22020) - CVE-2026-22020 openjdk: OpenJDK: Update LibPNG (Oracle CPU 2026-04)

Summary: CVE-2026-22020 openjdk: OpenJDK: Update LibPNG (Oracle CPU 2026-04)

Keywords:
Status:	NEW
Alias:	CVE-2026-22020
Deadline:	2026-04-21
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2460609 2460610 2460611 2460612 2460613 2460614 2460615 2460618 2460620 2460623 2460625 2460628 2460630 2460633 2460635
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-21 10:08 UTC by OSIDB Bzimport
Modified:	2026-04-24 15:20 UTC (History)
CC List:	21 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-21 10:08:35 UTC

LibPNG has several reported CVEs and needs to be updated.

Comment 2 Michal Findra 2026-04-23 09:03:23 UTC

This CVE was fixed in Oracle Java SE 8u491, 11.0.31, 17.0.19, 21.0.11, 25.0.3. 

https://www.oracle.com/java/technologies/javase/8u491-relnotes.html#R180_491
https://www.oracle.com/java/technologies/javase/11-0-31-relnotes.html#R11_0_31
https://www.oracle.com/java/technologies/javase/17-0-19-relnotes.html#R17_0_19
https://www.oracle.com/java/technologies/javase/21-0-11-relnotes.html
https://www.oracle.com/java/technologies/javase/25-0-3-relnotes.html

Note You need to log in before you can comment on or make changes to this bug.

adudiak
ahughes
caswilli
fferrari
gotiwari
jgrulich
jhorak
kaycoth
khosford
kshier
mtorre
mvyas
pjindal
rhel-process-autobot
security-response-team
stcannon
teagle
tfitzsim
tpopela
watson-tool-maintainers
yguenane