Issued at: 2026-01-09
Updated at: 2026-01-23
Synopsis
Important: libpng security update
Description
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: LIBPNG buffer overflow (CVE-2025-64720)
* libpng: LIBPNG heap buffer overflow (CVE-2025-65018)
* libpng: LIBPNG out-of-bounds read in png_image_read_composite (CVE-2025-66293)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 8 aarch64
Rocky Linux 8 x86_64
Fixes
2416904
2416907
2418711
CVEs
CVE-2025-64720
CVE-2025-65018
CVE-2025-66293
Affected packages
Rocky Linux 8 aarch64 - BaseOS
libpng-2:1.6.34-9.el8_10.aarch64.rpm
libpng-2:1.6.34-9.el8_10.src.rpm
libpng-debuginfo-2:1.6.34-9.el8_10.aarch64.rpm
libpng-debugsource-2:1.6.34-9.el8_10.aarch64.rpm
libpng-devel-2:1.6.34-9.el8_10.aarch64.rpm
libpng-devel-debuginfo-2:1.6.34-9.el8_10.aarch64.rpm
Rocky Linux 8 x86_64 - BaseOS
libpng-2:1.6.34-9.el8_10.i686.rpm
libpng-2:1.6.34-9.el8_10.src.rpm
libpng-2:1.6.34-9.el8_10.x86_64.rpm
libpng-debuginfo-2:1.6.34-9.el8_10.i686.rpm
libpng-debuginfo-2:1.6.34-9.el8_10.x86_64.rpm
libpng-debugsource-2:1.6.34-9.el8_10.i686.rpm
libpng-debugsource-2:1.6.34-9.el8_10.x86_64.rpm
libpng-devel-2:1.6.34-9.el8_10.i686.rpm
libpng-devel-2:1.6.34-9.el8_10.x86_64.rpm
libpng-devel-debuginfo-2:1.6.34-9.el8_10.i686.rpm
libpng-devel-debuginfo-2:1.6.34-9.el8_10.x86_64.rpm