Red Hat Product Errata RHSA-2026:20551 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20551 - Security Advisory Overview Updated Packages Synopsis Moderate: libpng security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libpng is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fix(es): libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2451805 - CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVEs CVE-2026-33416 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM libpng-1.6.40-8.el10_0.4.src.rpm SHA-256: ed94e2669be303c5f5f5626af5e0a536bf69879b0017ce9f4bdb4f8d78e94e6e x86_64 libpng-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 7ed2d000d67874807a764e0ff3572abb55de59e9ede472ecf7c61df9f32f2061 libpng-debuginfo-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 263a5aac66bd1755e00e0d397dda685a6c828e8b11e3b4e856222716b443f75d libpng-debuginfo-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 263a5aac66bd1755e00e0d397dda685a6c828e8b11e3b4e856222716b443f75d libpng-debugsource-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 26193962c7c00560ba01ed0168029c790e4465475668b30c08211aa05c0555e7 libpng-debugsource-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 26193962c7c00560ba01ed0168029c790e4465475668b30c08211aa05c0555e7 libpng-devel-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 0fc88eecbffba25f90afe1db8e4207ea54f85a1a1e0ae897ce3904ea1676b447 libpng-devel-debuginfo-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 30fbea938a080aca163624045808e08bcd8064699dd748a029aa1e2291914fee libpng-devel-debuginfo-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 30fbea938a080aca163624045808e08bcd8064699dd748a029aa1e2291914fee libpng-tools-debuginfo-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 934f64e003e5804c2af445a9d02aabb88e10c7052ea96be0b750142642b542b4 libpng-tools-debuginfo-1.6.40-8.el10_0.4.x86_64.rpm SHA-256: 934f64e003e5804c2af445a9d02aabb88e10c7052ea96be0b750142642b542b4 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM s390x libpng-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 2495102c859230bfb048f66b11922e13683742f0f1d9352de151295f34f3c12d libpng-debuginfo-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 32cbc630c1c25895224ef08af49b2b25949ee07066d87b1b407a89f951062496 libpng-debugsource-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 1c9e9f44a2d9530f9521fb3f79a92c85be58c480efd36384dca13f6e550c30f3 libpng-devel-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 46bb9ff849632217dc40c8df5154cdc23cd6bbd2901dbbe0f684b27d48083412 libpng-devel-debuginfo-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 90e2a9ccf7736db6c5965d515305c2bb47e523f22d2e7c5cabf795fc1a05a368 libpng-tools-debuginfo-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 916957bbe93c05c1f1c78f694d1d011e899344c59f3f88fda4184f13f457ee0b Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM libpng-1.6.40-8.el10_0.4.src.rpm SHA-256: ed94e2669be303c5f5f5626af5e0a536bf69879b0017ce9f4bdb4f8d78e94e6e ppc64le libpng-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 94c79dfbea3121bc7c65cb81ef469e195972da3b100d6841bc71d88684a8b5ab libpng-debuginfo-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 3c05aaaf5c71436c40f14c2dcc7147d06ddf4ba366d0d4f17d698ab057d07588 libpng-debuginfo-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 3c05aaaf5c71436c40f14c2dcc7147d06ddf4ba366d0d4f17d698ab057d07588 libpng-debugsource-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 157efb93dc75dd5502f282a68512fff71a8d6e308a98e1f5fbe18a33830ecdca libpng-debugsource-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 157efb93dc75dd5502f282a68512fff71a8d6e308a98e1f5fbe18a33830ecdca libpng-devel-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: fa69e6d9142a7187cb9ced697d405b4f533a31b53c5d0078725b4f25c3a1c5b9 libpng-devel-debuginfo-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 1029c0180baf906fac6b6a6b90c1e14db04455966f85dfc5b63e2d2252d41d63 libpng-devel-debuginfo-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 1029c0180baf906fac6b6a6b90c1e14db04455966f85dfc5b63e2d2252d41d63 libpng-tools-debuginfo-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 1f43651d63057b0087345943a5cbfd3c27f18c2452f1c754975e217e7a0f7eb4 libpng-tools-debuginfo-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 1f43651d63057b0087345943a5cbfd3c27f18c2452f1c754975e217e7a0f7eb4 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM libpng-1.6.40-8.el10_0.4.src.rpm SHA-256: ed94e2669be303c5f5f5626af5e0a536bf69879b0017ce9f4bdb4f8d78e94e6e aarch64 libpng-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 1534a49517a12ca18fcecb2410f938c7b7c056d007eea31498ee63aa47147a59 libpng-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: ecc48ef0b828992a34d583b767a2209f7f4237c14e1c720cf93c928e173fa621 libpng-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: ecc48ef0b828992a34d583b767a2209f7f4237c14e1c720cf93c928e173fa621 libpng-debugsource-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 19fa581b3ae0429162c33036adad14b25a60fe60665d2d36a0760ebed744baef libpng-debugsource-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 19fa581b3ae0429162c33036adad14b25a60fe60665d2d36a0760ebed744baef libpng-devel-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: a64ea81ce16972414ddb9c81e6cfa5a65ee9d058d8ee655d4e9655b9757a3daa libpng-devel-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 19c70ec32e0de198f089d13da50795cba1c0e02c3082e17542556f52d3736e99 libpng-devel-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 19c70ec32e0de198f089d13da50795cba1c0e02c3082e17542556f52d3736e99 libpng-tools-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 7705064b0a0ec46f3af098aced6539c754274ac8449f67df7f1c7c34839c2d3d libpng-tools-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 7705064b0a0ec46f3af098aced6539c754274ac8449f67df7f1c7c34839c2d3d Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM libpng-1.6.40-8.el10_0.4.src.rpm SHA-256: ed94e2669be303c5f5f5626af5e0a536bf69879b0017ce9f4bdb4f8d78e94e6e aarch64 libpng-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 1534a49517a12ca18fcecb2410f938c7b7c056d007eea31498ee63aa47147a59 libpng-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: ecc48ef0b828992a34d583b767a2209f7f4237c14e1c720cf93c928e173fa621 libpng-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: ecc48ef0b828992a34d583b767a2209f7f4237c14e1c720cf93c928e173fa621 libpng-debugsource-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 19fa581b3ae0429162c33036adad14b25a60fe60665d2d36a0760ebed744baef libpng-debugsource-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 19fa581b3ae0429162c33036adad14b25a60fe60665d2d36a0760ebed744baef libpng-devel-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: a64ea81ce16972414ddb9c81e6cfa5a65ee9d058d8ee655d4e9655b9757a3daa libpng-devel-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 19c70ec32e0de198f089d13da50795cba1c0e02c3082e17542556f52d3736e99 libpng-devel-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 19c70ec32e0de198f089d13da50795cba1c0e02c3082e17542556f52d3736e99 libpng-tools-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 7705064b0a0ec46f3af098aced6539c754274ac8449f67df7f1c7c34839c2d3d libpng-tools-debuginfo-1.6.40-8.el10_0.4.aarch64.rpm SHA-256: 7705064b0a0ec46f3af098aced6539c754274ac8449f67df7f1c7c34839c2d3d Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM s390x libpng-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 2495102c859230bfb048f66b11922e13683742f0f1d9352de151295f34f3c12d libpng-debuginfo-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 32cbc630c1c25895224ef08af49b2b25949ee07066d87b1b407a89f951062496 libpng-debugsource-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 1c9e9f44a2d9530f9521fb3f79a92c85be58c480efd36384dca13f6e550c30f3 libpng-devel-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 46bb9ff849632217dc40c8df5154cdc23cd6bbd2901dbbe0f684b27d48083412 libpng-devel-debuginfo-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 90e2a9ccf7736db6c5965d515305c2bb47e523f22d2e7c5cabf795fc1a05a368 libpng-tools-debuginfo-1.6.40-8.el10_0.4.s390x.rpm SHA-256: 916957bbe93c05c1f1c78f694d1d011e899344c59f3f88fda4184f13f457ee0b Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM libpng-1.6.40-8.el10_0.4.src.rpm SHA-256: ed94e2669be303c5f5f5626af5e0a536bf69879b0017ce9f4bdb4f8d78e94e6e ppc64le libpng-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 94c79dfbea3121bc7c65cb81ef469e195972da3b100d6841bc71d88684a8b5ab libpng-debuginfo-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 3c05aaaf5c71436c40f14c2dcc7147d06ddf4ba366d0d4f17d698ab057d07588 libpng-debuginfo-1.6.40-8.el10_0.4.ppc64le.rpm SHA-256: 3