The libpng library in Red Hat Enterprise Linux 8.8 contains multiple security flaws: a buffer overflow (CVE-2025-64720), a heap buffer overflow (CVE-2025-65018), and an out-of-bounds read in the png_image_read_composite function (CVE-2025-66293). These vulnerabilities could allow an attacker to cause memory corruption or read unauthorized memory regions. Red Hat Product Security has released an advisory (RHSA-2026:0313) with updated libpng packages to address these issues. The advisory covers several Red Hat Enterprise Linux 8.8 variants including Update Services for SAP Solutions and Telecommunications Update Service. No CVSS scores are provided in the advisory, but the vulnerabilities are rated as important by Red Hat. No public exploits are known. The advisory includes package updates and references for remediation.

Successful exploitation of these vulnerabilities could result in memory corruption or out-of-bounds memory reads, potentially leading to application crashes or information disclosure. The vulnerabilities affect the libpng library used for handling PNG image files in Red Hat Enterprise Linux 8.8. There are no reports of active exploitation in the wild. The impact is considered important by Red Hat, indicating a significant security risk if unpatched.

Red Hat has released updated libpng packages that fix these vulnerabilities. Users of affected Red Hat Enterprise Linux 8.8 variants should apply the security update as detailed in Red Hat advisory RHSA-2026:0313 and the referenced update article (https://access.redhat.com/articles/11258). Applying these official patches is the recommended remediation. No additional mitigation steps are indicated by the vendor advisory.