Critical Heap Buffer Overflow Vulnerability in Fedora's libpng Packages

Severity: High (Score: 72.0)

Sources: Linuxsecurity

Summary

Two vulnerabilities have been identified in the libpng library affecting Fedora 42. The first, CVE-2026-25646, is a heap buffer overflow in the libpng12 package (version 1.2.57-25) and the second affects the libpng15 package (version 1.5.30-25). Both vulnerabilities allow for potential exploitation through the png_set_quantize function, which could lead to arbitrary code execution. Users of Fedora 42 are advised to update their systems to mitigate the risk. The vulnerabilities were published on February 10, 2026, and patches are available via the dnf update program. Fedora's security team has issued advisories for both packages, urging immediate action. The issues primarily affect users who rely on these older versions of the libpng library for image processing.

Key Points:

  • CVE-2026-25646 affects both libpng12 and libpng15 packages in Fedora 42.
  • Heap buffer overflow could lead to arbitrary code execution.
  • Users are urged to update their systems immediately using dnf.

Key Entities

  • CVE-2026-25646 (cve)
  • Fedora (company)
  • Libpng (platform)