Threats Tagged 'cve-2026-26740'
View all threats tagged with 'cve-2026-26740'. Filter and sort to focus on specific types of threats.
Red Hat Security Advisory: java-25-openjdk security update
CVE-2026-22007

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit.

Security Fix(es):
* JDK: Enhance crypto algorithm support (CVE-2026-22007)
* JDK: Improved Arena allocations (CVE-2026-22008)
* JDK: Improve Kerberos credentialing (CVE-2026-22013)
* JDK: Enhance Path Factories Redux (CVE-2026-22016)
* JDK: Enhance Zip file reading (CVE-2026-22018)
* JDK: Enhance certificate chain validation (CVE-2026-22021)
* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
* JDK: Enhance TLS connection handling (CVE-2026-34282)
* JDK: Enhance key generation (CVE-2026-34268)

This release also updates a number of third-party libraries included in the JDK. The libraries themselves are affected by the following CVEs, but this is not a statement that the JDK itself is affected:
* giflib: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)
* libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
* libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

Bug Fix(es):
* When copying files, OpenJDK 25 prefers to use the copy_file_range native function for performance reasons, only falling back to sendfile when this fails. However, in previous OpenJDK 25 releases, a response of EOPNOTSUPP (operation not supported) did not cause the JDK to fall back to sendfile. This is rectified in this release. (RHEL-169939, RHEL-169937)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

GCVE Database | 04/22/2026, 17:51:09 UTC | Added: 05/26/2026, 20:58:36 UTC

Red Hat Security Advisory: Java 11 OpenJDK ELS Security Update
CVE-2025-66293

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release contains OpenJDK 11 with Extended Lifecycle Support for Red Hat Enterprise Linux versions 7, 8, and 9.

Security Fix(es):
* JDK: LIBPNG: out-of-bounds read in png_image_read_composite (CVE-2025-66293)
* JDK: LIBPNG: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* JDK: LIBPNG: has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
* JDK: GIFLIB: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)
* JDK: LIBPNG: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)
* JDK: LIBPNG: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
* JDK: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* JDK: (CVE-2026-22007)
* JDK: (CVE-2026-22016)
* JDK: (CVE-2026-22013)
* JDK: (CVE-2026-22018)
* JDK: (CVE-2026-22021)
* JDK: (CVE-2026-34268)
* JDK: (CVE-2026-34282)
* JDK: (CVE-2026-23865)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

GCVE Database | 04/22/2026, 13:51:24 UTC | Added: 05/26/2026, 20:58:33 UTC

Red Hat Security Advisory: OpenJDK 11.0.31 ELS Security Update for Portable Linux Builds
CVE-2025-66293

The OpenJDK 11 ELS packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 (11.0.31) with Extended Lifecycle Support for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.30) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):
* JDK: LIBPNG: out-of-bounds read in png_image_read_composite (CVE-2025-66293)
* JDK: LIBPNG: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* JDK: LIBPNG: has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
* JDK: GIFLIB: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)
* JDK: LIBPNG: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)
* JDK: LIBPNG: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
* JDK: LIBPNG: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* JDK: (CVE-2026-22007)
* JDK: (CVE-2026-22016)
* JDK: (CVE-2026-22013)
* JDK: (CVE-2026-22018)
* JDK: (CVE-2026-22021)
* JDK: (CVE-2026-34268)
* JDK: (CVE-2026-34282)
* JDK: (CVE-2026-23865)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

GCVE Database | 04/22/2026, 15:44:55 UTC | Added: 05/26/2026, 20:58:33 UTC

Red Hat Security Advisory: OpenJDK 17.0.19 Security Update for Portable Linux Builds
CVE-2026-22007

The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 (17.0.19) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 (17.0.18) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):
* JDK: Enhance crypto algorithm support (CVE-2026-22007)
* JDK: Improve Kerberos credentialing (CVE-2026-22013)
* JDK: Enhance Path Factories Redux (CVE-2026-22016)
* JDK: Enhance Zip file reading (CVE-2026-22018)
* JDK: Enhance certificate chain validation (CVE-2026-22021)
* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
* JDK: Enhance TLS connection handling (CVE-2026-34282)
* JDK: Enhance key generation (CVE-2026-34268)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

GCVE Database | 04/23/2026, 16:07:04 UTC | Added: 05/26/2026, 20:58:32 UTC

Red Hat Security Advisory: java-17-openjdk security update
CVE-2026-22007

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):
* JDK: Enhance crypto algorithm support (CVE-2026-22007)
* JDK: Improve Kerberos credentialing (CVE-2026-22013)
* JDK: Enhance Path Factories Redux (CVE-2026-22016)
* JDK: Enhance Zip file reading (CVE-2026-22018)
* JDK: Enhance certificate chain validation (CVE-2026-22021)
* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
* JDK: Enhance TLS connection handling (CVE-2026-34282)
* JDK: Enhance key generation (CVE-2026-34268)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

GCVE Database | 04/24/2026, 10:14:35 UTC | Added: 05/26/2026, 20:58:01 UTC

CVE-2026-26740: n/a
CVE-2026-26740

Buffer overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via EGifGCBToExtension, which overwrites an existing Graphic Control Extension block without validating its allocated size.

CVE Database V5 | 03/18/2026, 00:00:00 UTC | Added: 03/18/2026, 18:58:26 UTC

Showing 1 to 6 of 6 results