SB20260213151 - Fedora 42 update for libpng
Published: February 13, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2026-22695)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.
The vulnerability exists due to a boundary condition within the png_image_finish_read() function when reading 16-bit PNG images with 8-bit output format and non-minimal row stride. A remote attacker can supply a specially crafted PNG image file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
Note, the vulnerability exists due to an incomplete fix for #VU118777 (CVE-2025-65018).
2) Out-of-bounds read (CVE-ID: CVE-2026-22801)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the application.
The vulnerability exists due to integer truncation within the png_write_image_16bit() and png_write_image_8bit() functions. A remote attacker can supply a specially crafted PNG file to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
3) Heap-based buffer overflow (CVE-ID: CVE-2026-25646)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the png_set_quantize() API function. A remote attacker can pass specially crafted PNG image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.