ALSA-2026:3031

See a problem?

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:3031.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2026:3031

Related

CVE-2026-25646

Published

2026-02-23T00:00:00Z

Modified

2026-03-04T13:04:03.412389Z

Summary

Important: libpng15 security update

Details

The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.

Security Fix(es):

libpng: LIBPNG has a heap buffer overflow in pngsetquantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:9 / libpng15

Package

Name: libpng15
Purl: pkg:rpm/almalinux/libpng15

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.30-14.el9_7.1

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:3031.json"