The libpng library, which provides functions for creating and manipulating PNG image files, contains multiple vulnerabilities: a buffer overflow (CVE-2025-64720), a heap buffer overflow (CVE-2025-65018), and an out-of-bounds read (CVE-2025-66293). These issues affect Red Hat Enterprise Linux 10.0 Extended Update Support and related architectures including x86_64, s390x, ppc64le, and aarch64. Red Hat Product Security has released updated libpng packages to fix these vulnerabilities as detailed in advisory RHSA-2026:0212. The advisory rates the security impact as Important (high severity). The vulnerabilities are related to improper memory handling in libpng functions, which could lead to memory corruption or crashes. No CVSS scores are provided in the advisory, and no exploits have been observed in the wild.

Successful exploitation of these vulnerabilities could result in memory corruption, including buffer overflows and out-of-bounds reads, potentially leading to application crashes or other undefined behavior when processing specially crafted PNG files. The advisory does not report any known active exploitation in the wild. The impact is rated as Important by Red Hat, indicating a high severity level that warrants timely remediation.

Red Hat has released updated libpng packages that address these vulnerabilities. Users of affected Red Hat Enterprise Linux 10.0 Extended Update Support and related versions should apply the security update as described in Red Hat advisory RHSA-2026:0212. Detailed instructions for applying the update are available at https://access.redhat.com/articles/11258. Applying the official patch is the recommended mitigation. No additional vendor-recommended mitigations or workarounds are indicated in the advisory.