Issued at: 2026-01-09
Updated at: 2026-01-23
Synopsis
Important: libpng security update
Description
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 9 aarch64
Rocky Linux 9 x86_64
Fixes
2416904
2416907
2418711
CVEs
CVE-2025-64720
CVE-2025-65018
CVE-2025-66293
Affected packages
Rocky Linux 9 aarch64 - BaseOS
libpng-2:1.6.37-12.el9_7.1.aarch64.rpm
libpng-2:1.6.37-12.el9_7.1.src.rpm
libpng-debuginfo-2:1.6.37-12.el9_7.1.aarch64.rpm
libpng-debugsource-2:1.6.37-12.el9_7.1.aarch64.rpm
Rocky Linux 9 x86_64 - BaseOS
libpng-2:1.6.37-12.el9_7.1.i686.rpm
libpng-2:1.6.37-12.el9_7.1.src.rpm
libpng-2:1.6.37-12.el9_7.1.x86_64.rpm
libpng-debuginfo-2:1.6.37-12.el9_7.1.i686.rpm
libpng-debuginfo-2:1.6.37-12.el9_7.1.x86_64.rpm
libpng-debugsource-2:1.6.37-12.el9_7.1.i686.rpm
libpng-debugsource-2:1.6.37-12.el9_7.1.x86_64.rpm
Rocky Linux 9 s390x - BaseOS
libpng-2:1.6.37-12.el9_7.1.src.rpm
Rocky Linux 9 ppc64le - BaseOS
libpng-2:1.6.37-12.el9_7.1.src.rpm
Rocky Linux 9 aarch64 - AppStream
libpng-devel-2:1.6.37-12.el9_7.1.aarch64.rpm
libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.aarch64.rpm
Rocky Linux 9 x86_64 - AppStream
libpng-devel-2:1.6.37-12.el9_7.1.i686.rpm
libpng-devel-2:1.6.37-12.el9_7.1.x86_64.rpm
libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.i686.rpm
libpng-devel-debuginfo-2:1.6.37-12.el9_7.1.x86_64.rpm