- What: Red Hat releases a security update for libpng
- Impact: Addresses information disclosure and denial of service vulnerabilities
Red Hat Product Errata RHSA-2026:17603 - Security Advisory Issued: 2026-05-14 Updated: 2026-05-14 RHSA-2026:17603 - Security Advisory Overview Updated Packages Synopsis Moderate: libpng security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libpng is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fix(es): libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2451819 - CVE-2026-33636 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion CVEs CVE-2026-33636 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM libpng-1.6.37-12.el9_4.3.src.rpm SHA-256: a73a10ecb1dff1a9dc649277f0aaf89b44bca8c7d82d9a4c70825f8581459f1d x86_64 libpng-1.6.37-12.el9_4.3.i686.rpm SHA-256: 4c563ed88bcc3ba7d9d5ad330097266c3200be37fa080445c97f543a539ee767 libpng-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 4fd190b26bda5c103c24894fe33455b62c0ea89f1a9d5dcb1fcbc59629fb656d libpng-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: 8079e08beb1edb6cadd162de4b78e61e5db2ea9ede8855421e286051c5ebe920 libpng-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: 8079e08beb1edb6cadd162de4b78e61e5db2ea9ede8855421e286051c5ebe920 libpng-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 5996256810101408f8e68fe1d79af17dd67e67085bbac2bff7a95fbd73b29ca8 libpng-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 5996256810101408f8e68fe1d79af17dd67e67085bbac2bff7a95fbd73b29ca8 libpng-debugsource-1.6.37-12.el9_4.3.i686.rpm SHA-256: 7fe51a1ead36189824dbf7e470538f653bc0cf0ffc9461739ab5be41fc14948e libpng-debugsource-1.6.37-12.el9_4.3.i686.rpm SHA-256: 7fe51a1ead36189824dbf7e470538f653bc0cf0ffc9461739ab5be41fc14948e libpng-debugsource-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 038c9c753059cc604eef4e31011f71d9608fff2bd9891d609af44eae25592b86 libpng-debugsource-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 038c9c753059cc604eef4e31011f71d9608fff2bd9891d609af44eae25592b86 libpng-devel-1.6.37-12.el9_4.3.i686.rpm SHA-256: 246b922dc66ebd0e74eddcfa9c12ae0016cd0e7780412f4469d193a126a26d8e libpng-devel-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 727ee7e3f2a8bbbb69e1310ce66563dd14a828c591bc8f81699468aff9dfd2a6 libpng-devel-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: 47100fa29a638d0969a0057bf6e0b3e6d1e4e625f5b5f7ddc25b8b6e72728387 libpng-devel-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: 47100fa29a638d0969a0057bf6e0b3e6d1e4e625f5b5f7ddc25b8b6e72728387 libpng-devel-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: b840bd80583957cb9aa62e65254f180f26b392514de160ca169e4d959e7bc5c2 libpng-devel-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: b840bd80583957cb9aa62e65254f180f26b392514de160ca169e4d959e7bc5c2 libpng-tools-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: a41200d3fd049c78efad8138110ddac4341eab01eb7c68c0a33bcbb30f5a52ae libpng-tools-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: a41200d3fd049c78efad8138110ddac4341eab01eb7c68c0a33bcbb30f5a52ae libpng-tools-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 385400c6fd13d901c96287836b07a34a478854d8ae73b24d63ec0f1a2062c9a5 libpng-tools-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 385400c6fd13d901c96287836b07a34a478854d8ae73b24d63ec0f1a2062c9a5 Red Hat Enterprise Linux Server - AUS 9.4 SRPM libpng-1.6.37-12.el9_4.3.src.rpm SHA-256: a73a10ecb1dff1a9dc649277f0aaf89b44bca8c7d82d9a4c70825f8581459f1d x86_64 libpng-1.6.37-12.el9_4.3.i686.rpm SHA-256: 4c563ed88bcc3ba7d9d5ad330097266c3200be37fa080445c97f543a539ee767 libpng-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 4fd190b26bda5c103c24894fe33455b62c0ea89f1a9d5dcb1fcbc59629fb656d libpng-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: 8079e08beb1edb6cadd162de4b78e61e5db2ea9ede8855421e286051c5ebe920 libpng-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: 8079e08beb1edb6cadd162de4b78e61e5db2ea9ede8855421e286051c5ebe920 libpng-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 5996256810101408f8e68fe1d79af17dd67e67085bbac2bff7a95fbd73b29ca8 libpng-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 5996256810101408f8e68fe1d79af17dd67e67085bbac2bff7a95fbd73b29ca8 libpng-debugsource-1.6.37-12.el9_4.3.i686.rpm SHA-256: 7fe51a1ead36189824dbf7e470538f653bc0cf0ffc9461739ab5be41fc14948e libpng-debugsource-1.6.37-12.el9_4.3.i686.rpm SHA-256: 7fe51a1ead36189824dbf7e470538f653bc0cf0ffc9461739ab5be41fc14948e libpng-debugsource-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 038c9c753059cc604eef4e31011f71d9608fff2bd9891d609af44eae25592b86 libpng-debugsource-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 038c9c753059cc604eef4e31011f71d9608fff2bd9891d609af44eae25592b86 libpng-devel-1.6.37-12.el9_4.3.i686.rpm SHA-256: 246b922dc66ebd0e74eddcfa9c12ae0016cd0e7780412f4469d193a126a26d8e libpng-devel-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 727ee7e3f2a8bbbb69e1310ce66563dd14a828c591bc8f81699468aff9dfd2a6 libpng-devel-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: 47100fa29a638d0969a0057bf6e0b3e6d1e4e625f5b5f7ddc25b8b6e72728387 libpng-devel-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: 47100fa29a638d0969a0057bf6e0b3e6d1e4e625f5b5f7ddc25b8b6e72728387 libpng-devel-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: b840bd80583957cb9aa62e65254f180f26b392514de160ca169e4d959e7bc5c2 libpng-devel-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: b840bd80583957cb9aa62e65254f180f26b392514de160ca169e4d959e7bc5c2 libpng-tools-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: a41200d3fd049c78efad8138110ddac4341eab01eb7c68c0a33bcbb30f5a52ae libpng-tools-debuginfo-1.6.37-12.el9_4.3.i686.rpm SHA-256: a41200d3fd049c78efad8138110ddac4341eab01eb7c68c0a33bcbb30f5a52ae libpng-tools-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 385400c6fd13d901c96287836b07a34a478854d8ae73b24d63ec0f1a2062c9a5 libpng-tools-debuginfo-1.6.37-12.el9_4.3.x86_64.rpm SHA-256: 385400c6fd13d901c96287836b07a34a478854d8ae73b24d63ec0f1a2062c9a5 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM s390x libpng-1.6.37-12.el9_4.3.s390x.rpm SHA-256: 99b6bd6fb298f369fbf309d49dc1cdf2c7cd582ca312c9d08cb03e2c0f480dfb libpng-debuginfo-1.6.37-12.el9_4.3.s390x.rpm SHA-256: 3f1e621e61032bfcca937821c6364ae93ff564f07e1c7973bcbbcc58051bbf36 libpng-debugsource-1.6.37-12.el9_4.3.s390x.rpm SHA-256: 18590c370c2c5918147a34c98b84cc60528d6667f4b8f5e07d2d675fac40c43b libpng-devel-1.6.37-12.el9_4.3.s390x.rpm SHA-256: 1c7bbb0a0eafb13c386de2ac05bfd10030c511a46f07d4c17deca288f8789e8e libpng-devel-debuginfo-1.6.37-12.el9_4.3.s390x.rpm SHA-256: d901ab16cd9deaa2ec5c9015aa667a2edd867e47b4fcb29d6366fb302768f15d libpng-tools-debuginfo-1.6.37-12.el9_4.3.s390x.rpm SHA-256: 7614fd7b7311d96afaafa34f67bc70d25cae3688a816f65368946fb9cab136ca Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM libpng-1.6.37-12.el9_4.3.src.rpm SHA-256: a73a10ecb1dff1a9dc649277f0aaf89b44bca8c7d82d9a4c70825f8581459f1d ppc64le libpng-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 950b034475272afd626e44e0f8a4fe64c797e1979bc6be09e80c99f875829b11 libpng-debuginfo-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 71c881e302b2d94ce1973398bae93e31e1ce673b358c02e0d12cad66e3bc98eb libpng-debuginfo-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 71c881e302b2d94ce1973398bae93e31e1ce673b358c02e0d12cad66e3bc98eb libpng-debugsource-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 197a74d5cfa4c3f6507bd112975a96b453791fc46e24186e461996214230bad3 libpng-debugsource-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 197a74d5cfa4c3f6507bd112975a96b453791fc46e24186e461996214230bad3 libpng-devel-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 466719ba1c294baa81c38c13a83b372f1896107e49fa1513aa0a684cd494bb87 libpng-devel-debuginfo-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 5f91b393bfeb7c50ab45016bc03d657d4a7c9d842064f3b579345f70d8ee5445 libpng-devel-debuginfo-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 5f91b393bfeb7c50ab45016bc03d657d4a7c9d842064f3b579345f70d8ee5445 libpng-tools-debuginfo-1.6.37-12.el9_4.3.ppc64le.rpm SHA-256: 2fa8a8c07c21d5718bc8b0cf670a88fec2309c05883affee0a49231815733f56 libpng-tools-debuginfo