A use-after-free vulnerability (CVE-2026-33416, CVSS 7.5 HIGH) in libpng can lead to arbitrary code execution. The vulnerability affects libpng versions from 1.2.1 through 1.6.55. The flaw is fixed in libpng version 1.6.56.
Red Hat Product Errata RHSA-2026:20549 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20549 - Security Advisory Overview Updated Packages Synopsis Moderate: libpng security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libpng is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fix(es): libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2451805 - CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVEs CVE-2026-33416 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM libpng-1.6.37-12.el9_4.4.src.rpm SHA-256: ba986b1060b386b9999e6c3cacfa7ce8492a9c6e0196d542a67427cd616742c2 x86_64 libpng-1.6.37-12.el9_4.4.i686.rpm SHA-256: 36eb7a4826eab0138142db37315663d4abfb2c452c44b2a91f0a739fb41ca06a libpng-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: c966ec3963ae1dfdc367d5c6eeda93b8dd870c4d6d13948e14b959ace1b4c621 libpng-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: f3e1a26a62664c84114d5b0824c621e174d2b7dd2dbcdc2866db720b8363d833 libpng-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: f3e1a26a62664c84114d5b0824c621e174d2b7dd2dbcdc2866db720b8363d833 libpng-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: 165a631153f6db477037a29ef7d57effe96507f8dc39370c998296a8512871f3 libpng-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: 165a631153f6db477037a29ef7d57effe96507f8dc39370c998296a8512871f3 libpng-debugsource-1.6.37-12.el9_4.4.i686.rpm SHA-256: fa50bc27f603eb0e8300c05ae51577cc7a8bff9840e61e35f4c0eb015269a6f9 libpng-debugsource-1.6.37-12.el9_4.4.i686.rpm SHA-256: fa50bc27f603eb0e8300c05ae51577cc7a8bff9840e61e35f4c0eb015269a6f9 libpng-debugsource-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: f4314162b2f6e702bc717b819214e4c738a533a85386b683f085974021283523 libpng-debugsource-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: f4314162b2f6e702bc717b819214e4c738a533a85386b683f085974021283523 libpng-devel-1.6.37-12.el9_4.4.i686.rpm SHA-256: cf3d087bb797fe9a399b83dc4c9b7efc202eb418c921a2ed3570c75140bbe31e libpng-devel-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: 91b85640ba9f841a8884aa84bc207bd71217066bbb3471e8c55062c9c6a3c1f3 libpng-devel-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: ea2977e30b9157a0252e71b8041608cc338263d558144ab93aa914b26b8714a5 libpng-devel-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: ea2977e30b9157a0252e71b8041608cc338263d558144ab93aa914b26b8714a5 libpng-devel-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: a634064dbb865eeb466dc576c032fddd937583b9441f12d6926ebd09ec950a59 libpng-devel-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: a634064dbb865eeb466dc576c032fddd937583b9441f12d6926ebd09ec950a59 libpng-tools-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: e57b842184415715289074c9f56607883dc840b1a3bc660a9859bd6e7616b919 libpng-tools-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: e57b842184415715289074c9f56607883dc840b1a3bc660a9859bd6e7616b919 libpng-tools-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: c48d2a95a952233a2e2b7e2a2320c5ebdfc23929f141f1c31b523fceabc845ac libpng-tools-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: c48d2a95a952233a2e2b7e2a2320c5ebdfc23929f141f1c31b523fceabc845ac Red Hat Enterprise Linux Server - AUS 9.4 SRPM libpng-1.6.37-12.el9_4.4.src.rpm SHA-256: ba986b1060b386b9999e6c3cacfa7ce8492a9c6e0196d542a67427cd616742c2 x86_64 libpng-1.6.37-12.el9_4.4.i686.rpm SHA-256: 36eb7a4826eab0138142db37315663d4abfb2c452c44b2a91f0a739fb41ca06a libpng-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: c966ec3963ae1dfdc367d5c6eeda93b8dd870c4d6d13948e14b959ace1b4c621 libpng-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: f3e1a26a62664c84114d5b0824c621e174d2b7dd2dbcdc2866db720b8363d833 libpng-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: f3e1a26a62664c84114d5b0824c621e174d2b7dd2dbcdc2866db720b8363d833 libpng-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: 165a631153f6db477037a29ef7d57effe96507f8dc39370c998296a8512871f3 libpng-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: 165a631153f6db477037a29ef7d57effe96507f8dc39370c998296a8512871f3 libpng-debugsource-1.6.37-12.el9_4.4.i686.rpm SHA-256: fa50bc27f603eb0e8300c05ae51577cc7a8bff9840e61e35f4c0eb015269a6f9 libpng-debugsource-1.6.37-12.el9_4.4.i686.rpm SHA-256: fa50bc27f603eb0e8300c05ae51577cc7a8bff9840e61e35f4c0eb015269a6f9 libpng-debugsource-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: f4314162b2f6e702bc717b819214e4c738a533a85386b683f085974021283523 libpng-debugsource-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: f4314162b2f6e702bc717b819214e4c738a533a85386b683f085974021283523 libpng-devel-1.6.37-12.el9_4.4.i686.rpm SHA-256: cf3d087bb797fe9a399b83dc4c9b7efc202eb418c921a2ed3570c75140bbe31e libpng-devel-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: 91b85640ba9f841a8884aa84bc207bd71217066bbb3471e8c55062c9c6a3c1f3 libpng-devel-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: ea2977e30b9157a0252e71b8041608cc338263d558144ab93aa914b26b8714a5 libpng-devel-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: ea2977e30b9157a0252e71b8041608cc338263d558144ab93aa914b26b8714a5 libpng-devel-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: a634064dbb865eeb466dc576c032fddd937583b9441f12d6926ebd09ec950a59 libpng-devel-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: a634064dbb865eeb466dc576c032fddd937583b9441f12d6926ebd09ec950a59 libpng-tools-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: e57b842184415715289074c9f56607883dc840b1a3bc660a9859bd6e7616b919 libpng-tools-debuginfo-1.6.37-12.el9_4.4.i686.rpm SHA-256: e57b842184415715289074c9f56607883dc840b1a3bc660a9859bd6e7616b919 libpng-tools-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: c48d2a95a952233a2e2b7e2a2320c5ebdfc23929f141f1c31b523fceabc845ac libpng-tools-debuginfo-1.6.37-12.el9_4.4.x86_64.rpm SHA-256: c48d2a95a952233a2e2b7e2a2320c5ebdfc23929f141f1c31b523fceabc845ac Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM s390x libpng-1.6.37-12.el9_4.4.s390x.rpm SHA-256: 183d24b856d5fcfdf77c42657906e312ae16ecd74c7fd52e863f930ef012c0ab libpng-debuginfo-1.6.37-12.el9_4.4.s390x.rpm SHA-256: 7da1cd8eabb3e3431751e9ee7954e13eaeacf17f459a9160d6277cac8ea79d6e libpng-debugsource-1.6.37-12.el9_4.4.s390x.rpm SHA-256: 552847373f6a5ca702e37da3996e88e96b1e6fafcd121ef7f013a367cdb298d2 libpng-devel-1.6.37-12.el9_4.4.s390x.rpm SHA-256: a316dbf4aa7cb961dc42672af73dc3a4ffaa5f197fff14b2a052c4785b3e704f libpng-devel-debuginfo-1.6.37-12.el9_4.4.s390x.rpm SHA-256: f00e85da6e40662e7d78db6c1bae30f674b5cf372e386135eee8ac5002947f24 libpng-tools-debuginfo-1.6.37-12.el9_4.4.s390x.rpm SHA-256: fefd6ebb70fb4a40d3435f6514e6522f669db58fb1af53c8a565b665f0e179b8 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM libpng-1.6.37-12.el9_4.4.src.rpm SHA-256: ba986b1060b386b9999e6c3cacfa7ce8492a9c6e0196d542a67427cd616742c2 ppc64le libpng-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: d68fd736b33777d7e2b3cffd04b1998af053c390641d873ad2212c26b406a2b8 libpng-debuginfo-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: 0d4b0bfd9260b1a673db059404296a66c49be4c02303f7d1174d7251b3ee9798 libpng-debuginfo-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: 0d4b0bfd9260b1a673db059404296a66c49be4c02303f7d1174d7251b3ee9798 libpng-debugsource-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: 3b1c975d51b77e7a932179a66f53dd8af0f3d7ca09a552224d2811caba92ce40 libpng-debugsource-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: 3b1c975d51b77e7a932179a66f53dd8af0f3d7ca09a552224d2811caba92ce40 libpng-devel-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: b3e742e9fdc798600b0845440ecd8c7c2a82de287530ea5dca03ea132dfdfd64 libpng-devel-debuginfo-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: cc01a334fce11f4db93695b3f7551ba9ae51371e4c0b50ef5490249a0f6e1c30 libpng-devel-debuginfo-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: cc01a334fce11f4db93695b3f7551ba9ae51371e4c0b50ef5490249a0f6e1c30 libpng-tools-debuginfo-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: a2c16b605c11df2d5429b92213b1766a9657bb156d641acd6334a6c20fb918c0 libpng-tools-debuginfo-1.6.37-12.el9_4.4.ppc64le.rpm SHA-256: a2c16b605c11df2d5429b92213b1766a9657bb