mingw-libpng-1.6.34-2.el8_10

エラータID: AXSA:2026-307:02

Release date: 
Monday, March 16, 2026 - 14:58
Subject: 
mingw-libpng-1.6.34-2.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

MinGW Windows Libpng library.

Security Fix(es):

* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-22695
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
CVE-2026-22801
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.

Solution: 

Update packages.

CVEs: 
CVE-2026-22695
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
CVE-2026-22801
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
Additional Info: 

N/A

Download: 

SRPMS
  1. mingw-libpng-1.6.34-2.el8_10.src.rpm
    MD5: 295c87ad7460a94ef47ae509b49a6bd0
    SHA-256: 365fc06a289e6debff738bc4782d70830439942c2d98c943dd57605a8164c3d8
    Size: 0.97 MB

Asianux Server 8 for x86_64
  1. mingw32-libpng-1.6.34-2.el8_10.noarch.rpm
    MD5: bcb133c018bc02bede61fa8e2bbd179a
    SHA-256: f4df195102665925ff9039c1ee297bfdd10a6d3edc3f7f7c6863dee4d1a141cb
    Size: 281.76 kB
  2. mingw32-libpng-static-1.6.34-2.el8_10.noarch.rpm
    MD5: dae32dae60f1e39dc82802c19ec07c51
    SHA-256: 0147c8de43b25cf95d7ca62134b09457eb4041c01f9bac5790da31ce18d1456f
    Size: 99.73 kB
  3. mingw64-libpng-1.6.34-2.el8_10.noarch.rpm
    MD5: 3aa5135860ddc778f4f7a1bc0706af0c
    SHA-256: c41c1e0f3f03f65765fc969fb17a37f91b17f2a4d6fc9efb6f6f10599c1e6c8e
    Size: 287.45 kB
  4. mingw64-libpng-static-1.6.34-2.el8_10.noarch.rpm
    MD5: 4a06d165d434ab6487d5eb7d5dfb85c7
    SHA-256: 8c1411bc808d4b2fefd067868966ca4c0741d4d20f9e00345d65044f21aa6abc
    Size: 107.37 kB