Advisories » MGASA-2026-0038

Updated libpng packages fix security vulnerability

Publication date: 12 Feb 2026
Modification date: 12 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-25646

Description

Heap buffer overflow in png_set_quantize when called with no histogram
and a palette larger than twice the requested maximum number of colors.
(CVE-2026-25646)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35115
• https://www.openwall.com/lists/oss-security/2026/02/09/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646

SRPMS

9/core

• libpng-1.6.38-1.4.mga9