{"schema_version": "1.7.0", "id": "RLSA-2026:3031", "modified": "2026-02-24T18:58:17.005142Z", "published": "2026-02-24T18:54:11.875441Z", "upstream": ["CVE-2026-25646"], "summary": "Important: libpng15 security update", "details": "The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:9", "name": "libpng15", "purl": "pkg:rpm/rocky-linux/libpng15?distro=rocky-linux-9&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.5.30-14.el9_7.1"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2026:3031"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}