- What: Security vulnerability in libpng (CVE-2026-33416)
- Impact: Potential arbitrary code execution if not patched
Red Hat Product Errata RHSA-2026:20548 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20548 - Security Advisory Overview Updated Packages Synopsis Moderate: libpng security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libpng is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security Fix(es): libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2451805 - CVE-2026-33416 libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVEs CVE-2026-33416 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM libpng-1.6.37-12.el9_6.4.src.rpm SHA-256: 48fac7e795ccfb585ca4025e9683167525d104c4da2749e1cb7035e2e63db97c x86_64 libpng-1.6.37-12.el9_6.4.i686.rpm SHA-256: 403a2e165fe4df6f042ee83d25bee887ea8daeb95f0c64a04db9ded9781c7e4a libpng-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: f982ba249503695c0f27d25e1acb31c021bbebc72e8de6f1e9c1124a21be0822 libpng-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: 8d35f7c3af60af6e68b8506d3e029311d21f0b91191d66a4791c55dba0009fb7 libpng-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: 8d35f7c3af60af6e68b8506d3e029311d21f0b91191d66a4791c55dba0009fb7 libpng-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 8a0e6f0d952153e6964c38003988cce99ce821fae4dcee73e6b2796bbe2ca16b libpng-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 8a0e6f0d952153e6964c38003988cce99ce821fae4dcee73e6b2796bbe2ca16b libpng-debugsource-1.6.37-12.el9_6.4.i686.rpm SHA-256: ad25511da5c5c592310756d5b0ecae9bd7955b75246e57e2c2a47f7b326fd277 libpng-debugsource-1.6.37-12.el9_6.4.i686.rpm SHA-256: ad25511da5c5c592310756d5b0ecae9bd7955b75246e57e2c2a47f7b326fd277 libpng-debugsource-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 7d2fcd42e6eb5bcf279e345a1e0116268bb797633eb83999e6150f4b0e1072c2 libpng-debugsource-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 7d2fcd42e6eb5bcf279e345a1e0116268bb797633eb83999e6150f4b0e1072c2 libpng-devel-1.6.37-12.el9_6.4.i686.rpm SHA-256: 868e5bc83049cf27d0bc1f0360405981bf24c795df19c74a3e787ed2417fb6d1 libpng-devel-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 5f513791f350ef03cc04ddf30aac9c82beeda7f0e5346e77b18409ad3ca08bb7 libpng-devel-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: 49b1dbafd140010c113c8624d70c874a280ee9ad8095f8aef18484cfee073b1c libpng-devel-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: 49b1dbafd140010c113c8624d70c874a280ee9ad8095f8aef18484cfee073b1c libpng-devel-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: d118d838f853bd0f4adc7cbcfa17f06252d7d9a2d8211492c13f7e82abc919ec libpng-devel-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: d118d838f853bd0f4adc7cbcfa17f06252d7d9a2d8211492c13f7e82abc919ec libpng-tools-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: e11700992939e0a63d7ba59ee1f7f29eeca157a0a45e96e544d4625fc3c9c3be libpng-tools-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: e11700992939e0a63d7ba59ee1f7f29eeca157a0a45e96e544d4625fc3c9c3be libpng-tools-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: af98234f867721316a0033169c8683d6e979f5f7fb638a96e4a43f0b0145ca85 libpng-tools-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: af98234f867721316a0033169c8683d6e979f5f7fb638a96e4a43f0b0145ca85 Red Hat Enterprise Linux Server - AUS 9.6 SRPM libpng-1.6.37-12.el9_6.4.src.rpm SHA-256: 48fac7e795ccfb585ca4025e9683167525d104c4da2749e1cb7035e2e63db97c x86_64 libpng-1.6.37-12.el9_6.4.i686.rpm SHA-256: 403a2e165fe4df6f042ee83d25bee887ea8daeb95f0c64a04db9ded9781c7e4a libpng-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: f982ba249503695c0f27d25e1acb31c021bbebc72e8de6f1e9c1124a21be0822 libpng-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: 8d35f7c3af60af6e68b8506d3e029311d21f0b91191d66a4791c55dba0009fb7 libpng-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: 8d35f7c3af60af6e68b8506d3e029311d21f0b91191d66a4791c55dba0009fb7 libpng-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 8a0e6f0d952153e6964c38003988cce99ce821fae4dcee73e6b2796bbe2ca16b libpng-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 8a0e6f0d952153e6964c38003988cce99ce821fae4dcee73e6b2796bbe2ca16b libpng-debugsource-1.6.37-12.el9_6.4.i686.rpm SHA-256: ad25511da5c5c592310756d5b0ecae9bd7955b75246e57e2c2a47f7b326fd277 libpng-debugsource-1.6.37-12.el9_6.4.i686.rpm SHA-256: ad25511da5c5c592310756d5b0ecae9bd7955b75246e57e2c2a47f7b326fd277 libpng-debugsource-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 7d2fcd42e6eb5bcf279e345a1e0116268bb797633eb83999e6150f4b0e1072c2 libpng-debugsource-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 7d2fcd42e6eb5bcf279e345a1e0116268bb797633eb83999e6150f4b0e1072c2 libpng-devel-1.6.37-12.el9_6.4.i686.rpm SHA-256: 868e5bc83049cf27d0bc1f0360405981bf24c795df19c74a3e787ed2417fb6d1 libpng-devel-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: 5f513791f350ef03cc04ddf30aac9c82beeda7f0e5346e77b18409ad3ca08bb7 libpng-devel-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: 49b1dbafd140010c113c8624d70c874a280ee9ad8095f8aef18484cfee073b1c libpng-devel-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: 49b1dbafd140010c113c8624d70c874a280ee9ad8095f8aef18484cfee073b1c libpng-devel-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: d118d838f853bd0f4adc7cbcfa17f06252d7d9a2d8211492c13f7e82abc919ec libpng-devel-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: d118d838f853bd0f4adc7cbcfa17f06252d7d9a2d8211492c13f7e82abc919ec libpng-tools-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: e11700992939e0a63d7ba59ee1f7f29eeca157a0a45e96e544d4625fc3c9c3be libpng-tools-debuginfo-1.6.37-12.el9_6.4.i686.rpm SHA-256: e11700992939e0a63d7ba59ee1f7f29eeca157a0a45e96e544d4625fc3c9c3be libpng-tools-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: af98234f867721316a0033169c8683d6e979f5f7fb638a96e4a43f0b0145ca85 libpng-tools-debuginfo-1.6.37-12.el9_6.4.x86_64.rpm SHA-256: af98234f867721316a0033169c8683d6e979f5f7fb638a96e4a43f0b0145ca85 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM s390x libpng-1.6.37-12.el9_6.4.s390x.rpm SHA-256: fd385c988bbd28db953b07d6a71d10c329f8f97036c62e30c669ce5f72c4d521 libpng-debuginfo-1.6.37-12.el9_6.4.s390x.rpm SHA-256: f37389ff191dc742ae79fe7d724d2e3d6ffd26f6853d8d848eb98631627b6f05 libpng-debugsource-1.6.37-12.el9_6.4.s390x.rpm SHA-256: befb1118736d884b23f9acacd66f79ac23411a3066c9f9751d386f9a21b339a3 libpng-devel-1.6.37-12.el9_6.4.s390x.rpm SHA-256: e0ce900ce169b8c156a479cc628e03fbb9931efaab62a53a9919225ae7d03fc2 libpng-devel-debuginfo-1.6.37-12.el9_6.4.s390x.rpm SHA-256: a10c765d267089a66d5f0b601de1081e4ec9832ded792dfe8d31c7e25d16ed38 libpng-tools-debuginfo-1.6.37-12.el9_6.4.s390x.rpm SHA-256: 3a3f755472695cc822d7e841998ef328ba1cce0856b2723f3cab1e164d098684 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM libpng-1.6.37-12.el9_6.4.src.rpm SHA-256: 48fac7e795ccfb585ca4025e9683167525d104c4da2749e1cb7035e2e63db97c ppc64le libpng-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: 98a42e0c085ce0ca5e3e3a3699eeb3ac2280465edd17ab6ca1dcdaa7392da1c6 libpng-debuginfo-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: eb30481948be48aeeedbe3253c62e8c0bc3f2597649d0e1ecaca976ad96e15ab libpng-debuginfo-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: eb30481948be48aeeedbe3253c62e8c0bc3f2597649d0e1ecaca976ad96e15ab libpng-debugsource-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: 930278125b6eed585c37e90d9aff1e25eae43b0495a97bd70767925d355a8ef7 libpng-debugsource-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: 930278125b6eed585c37e90d9aff1e25eae43b0495a97bd70767925d355a8ef7 libpng-devel-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: b2229ebe912da46a9ec84e6e2c46a4df920bf6bd506c71eae7e744d4d4f03ef6 libpng-devel-debuginfo-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: 61e76c8151a1387772e32dedd469bc7061c9e0ab57baed8576749337a061898b libpng-devel-debuginfo-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: 61e76c8151a1387772e32dedd469bc7061c9e0ab57baed8576749337a061898b libpng-tools-debuginfo-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: f58f7d2e49a08f0ea0992fd6f7eede251e844428edb3fc4c8bd2ac43592d5fd7 libpng-tools-debuginfo-1.6.37-12.el9_6.4.ppc64le.rpm SHA-256: f58f7d2e49a08f0ea0992fd6f7eede251e8444