VIR Vulnerability Intelligence Relay

CVE-2026-22695

high
Published 2026-02-26 Β· Modified 2026-03-17
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
β€”
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
8.0

Description

RHSA-2026:4728: libpng security update (Important)

Predictions

Exploit likelihood
20%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read Red Hat statement This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user…

Description

libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read

Red Hat statement

This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.

CVSS v3: 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
OPENJDK ELS 11.0.31java-11-openjdk-portableRHSA-2026:92552026-04-22T00:00:00Z
Red Hat Enterprise Linux 10libpng-2:1.6.40-8.el10_1.2RHSA-2026:35512026-03-02T00:00:00Z
Red Hat Enterprise Linux 10.0 Extended Update Supportlibpng-2:1.6.40-8.el10_0.2RHSA-2026:35772026-03-03T00:00:00Z
Red Hat Enterprise Linux 8mingw-libpng-0:1.6.34-2.el8_10RHSA-2026:43062026-03-11T00:00:00Z
Red Hat Enterprise Linux 8libpng-2:1.6.34-10.el8_10RHSA-2026:47282026-03-17T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Supportlibpng-2:1.6.34-8.el8_2.2RHSA-2026:47322026-03-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Supportlibpng-2:1.6.34-8.el8_4.2RHSA-2026:47312026-03-17T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-Onlibpng-2:1.6.34-8.el8_4.2RHSA-2026:47312026-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Supportlibpng-2:1.6.34-8.el8_6.2RHSA-2026:47302026-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Servicelibpng-2:1.6.34-8.el8_6.2RHSA-2026:47302026-03-17T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutionslibpng-2:1.6.34-8.el8_6.2RHSA-2026:47302026-03-17T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Servicelibpng-2:1.6.34-8.el8_8.2RHSA-2026:47292026-03-17T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutionslibpng-2:1.6.34-8.el8_8.2RHSA-2026:47292026-03-17T00:00:00Z
Red Hat Enterprise Linux 9libpng-2:1.6.37-12.el9_7.2RHSA-2026:34052026-02-26T00:00:00Z
Red Hat Enterprise Linux 9libpng-2:1.6.37-12.el9_7.2RHSA-2026:34052026-02-26T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutionslibpng-2:1.6.37-12.el9_0.2RHSA-2026:35732026-03-02T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutionslibpng-2:1.6.37-12.el9_2.2RHSA-2026:35752026-03-03T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Supportlibpng-2:1.6.37-12.el9_4.2RHSA-2026:35742026-03-03T00:00:00Z
Red Hat Enterprise Linux 9.6 Extended Update Supportlibpng-2:1.6.37-12.el9_6.2RHSA-2026:35762026-03-03T00:00:00Z
Red Hat OpenJDK 11 els for RHEL 7java-11-openjdk-1:11.0.31.0.11-1.el7_9RHSA-2026:92542026-04-22T00:00:00Z
Red Hat OpenJDK 11 els for RHEL 8java-11-openjdk-1:11.0.31.0.11-1.el8RHSA-2026:92542026-04-22T00:00:00Z
Red Hat OpenJDK 11 els for RHEL 9java-11-openjdk-1:11.0.31.0.11-1.el9RHSA-2026:92542026-04-22T00:00:00Z
Red Hat OpenShift Container Platform 4.12rhcos-412.86.202604281506-0RHSA-2026:122742026-05-08T00:00:00Z
Red Hat AI Inference Server 3.3rhaiis/vllm-spyre-rhel9:1778244546RHSA-2026:161742026-05-12T00:00:00Z
Red Hat AI Inference Server 3.3rhaiis/vllm-cuda-rhel9:1775680192RHSA-2026:87462026-04-17T00:00:00Z
Red Hat AI Inference Server 3.3rhaiis/vllm-rocm-rhel9:1775680262RHSA-2026:87472026-04-17T00:00:00Z
Red Hat AI Inference Server 3.3rhaiis/model-opt-cuda-rhel9:1775749857RHSA-2026:87482026-04-17T00:00:00Z
Red Hat Ceph Storage 8rhceph/rhceph-8-rhel9:1774002867RHSA-2026:56062026-03-24T00:00:00Z
Red Hat Discovery 2discovery/discovery-ui-rhel9:1773273070RHSA-2026:45012026-03-12T00:00:00Z
Red Hat Hardened Imageslibpng-main-1.6.56-1.hum1RHSA-2026:67322026-04-07T00:00:00Z

Package state

ProductPackageState
Red Hat build of OpenJDK 11 ELSjava-21-openjdk-portableNot affected
Red Hat build of OpenJDK 17java-17-openjdk-portableAffected
Red Hat build of OpenJDK 17java-21-openjdk-portableNot affected
Red Hat build of OpenJDK 1.8java-1.8.0-openjdk-portableAffected
Red Hat build of OpenJDK 21java-21-openjdk-portableAffected
Red Hat build of OpenJDK 21java-21-openjdk-portable-rhel7Not affected
Red Hat build of OpenJDK 25java-21-openjdk-vanillaNot affected
Red Hat build of OpenJDK 25java-25-openjdk-portableAffected
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10java-21-openjdkAffected
Red Hat Enterprise Linux 10java-25-openjdkAffected
Red Hat Enterprise Linux 10thunderbirdNot affected
Red Hat Enterprise Linux 6libpngAffected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7libpngNot affected
Red Hat Enterprise Linux 7libpng12Not affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8java-17-openjdkAffected
Red Hat Enterprise Linux 8java-1.8.0-openjdkAffected
Red Hat Enterprise Linux 8java-21-openjdkAffected
Red Hat Enterprise Linux 8libpng12Not affected
Red Hat Enterprise Linux 8libpng15Not affected
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 9firefoxNot affected
Red Hat Enterprise Linux 9java-17-openjdkAffected
Red Hat Enterprise Linux 9java-1.8.0-openjdkAffected
Red Hat Enterprise Linux 9java-21-openjdkAffected
Red Hat Enterprise Linux 9java-25-openjdkAffected
Red Hat Enterprise Linux 9libpng15Not affected
Red Hat Enterprise Linux 9thunderbirdNot affected

Apply commands

bash fix
Apply RHSA-2026:9255 for OPENJDK ELS 11.0.31
yum update -y java
# or:
dnf upgrade -y java

Affected

VendorProductVersion
redhatRed Hat build of OpenJDK 11 ELSNot affected
redhatRed Hat build of OpenJDK 17Affected
redhatRed Hat build of OpenJDK 17Not affected
redhatRed Hat build of OpenJDK 1.8Affected
redhatRed Hat build of OpenJDK 21Affected
redhatRed Hat build of OpenJDK 21Not affected
redhatRed Hat build of OpenJDK 25Not affected
redhatRed Hat build of OpenJDK 25Affected
redhatRed Hat Enterprise Linux 10Not affected
redhatRed Hat Enterprise Linux 10Affected
redhatRed Hat Enterprise Linux 10Affected
redhatRed Hat Enterprise Linux 10Not affected
redhatRed Hat Enterprise Linux 6Affected
redhatRed Hat Enterprise Linux 7Not affected
redhatRed Hat Enterprise Linux 7Not affected
redhatRed Hat Enterprise Linux 7Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Affected
redhatRed Hat Enterprise Linux 8Affected
redhatRed Hat Enterprise Linux 8Affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 8Not affected
redhatRed Hat Enterprise Linux 9Not affected
redhatRed Hat Enterprise Linux 9Affected
redhatRed Hat Enterprise Linux 9Affected
redhatRed Hat Enterprise Linux 9Affected
redhatRed Hat Enterprise Linux 9Affected
redhatRed Hat Enterprise Linux 9Not affected
redhatRed Hat Enterprise Linux 9Not affected

OS impact
OSVersionStatusFixed in
rockylinux rocky8fixed
redhat rhel9fixed
debian debianbookwormfixed1.6.39-2+deb12u2
debian debianbullseyefixed1.6.37-3+deb11u2
debian debianforkyfixed1.6.54-1
debian debiansidfixed1.6.54-1
debian debiantrixiefixed1.6.48-1+deb13u2
suse slesaffected
rockylinux rocky9fixed
almalinux almalinux9fixedlibpng-devel-1.6.37-12.el9_7.2.aarch64.rpm
redhat rhel8fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.