{
  "threat_severity" : "Important",
  "public_date" : "2025-11-24T23:50:18Z",
  "bugzilla" : {
    "description" : "libpng: LIBPNG heap buffer overflow",
    "id" : "2416907",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds." ],
  "statement" : "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library's png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
  "affected_release" : [ {
    "product_name" : "OPENJDK ELS 11.0.30",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0848",
    "cpe" : "cpe:/a:redhat:openjdk_els:11",
    "package" : "java-11-openjdk-portable"
  }, {
    "product_name" : "OPENJDK ELS 11.0.30",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0849",
    "cpe" : "cpe:/a:redhat:openjdk_els:11"
  }, {
    "product_name" : "Red Hat Build of OpenJDK 17.0.18",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0897",
    "cpe" : "cpe:/a:redhat:openjdk:17",
    "package" : "java-17-openjdk-portable"
  }, {
    "product_name" : "Red Hat Build of OpenJDK 21.0.10",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0899",
    "cpe" : "cpe:/a:redhat:openjdk:21",
    "package" : "java-21-openjdk-portable"
  }, {
    "product_name" : "Red Hat Build of OpenJDK 25.0.2",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0901",
    "cpe" : "cpe:/a:redhat:openjdk:25",
    "package" : "java-25-openjdk-portable"
  }, {
    "product_name" : "Red Hat Build of OpenJDK 8u482",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0895",
    "cpe" : "cpe:/a:redhat:openjdk:1.8",
    "package" : "java-1.8.0-openjdk-portable"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0237",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "libpng-2:1.6.40-8.el10_1.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0928",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "java-21-openjdk-1:21.0.10.0.7-1.el10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0933",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "java-25-openjdk-1:25.0.2.0.10-1.el10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0212",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "libpng-2:1.6.40-8.el10_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0928",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "java-21-openjdk-1:21.0.10.0.7-1.el10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0928",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "java-21-openjdk-1:21.0.10.0.7-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-06T00:00:00Z",
    "advisory" : "RHSA-2026:0125",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::crb",
    "package" : "mingw-libpng-0:1.6.34-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0241",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libpng-2:1.6.34-9.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0323",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "libpng-2:1.6.34-8.el8_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0321",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "libpng-2:1.6.34-8.el8_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0321",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "libpng-2:1.6.34-8.el8_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0322",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "libpng-2:1.6.34-8.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0322",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "libpng-2:1.6.34-8.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0322",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "libpng-2:1.6.34-8.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0313",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "libpng-2:1.6.34-8.el8_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0313",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "libpng-2:1.6.34-8.el8_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0238",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "libpng-2:1.6.37-12.el9_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0928",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "java-21-openjdk-1:21.0.10.0.7-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0933",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "java-25-openjdk-1:25.0.2.0.10-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0238",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "libpng-2:1.6.37-12.el9_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0234",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "libpng-2:1.6.37-12.el9_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0216",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "libpng-2:1.6.37-12.el9_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0211",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "libpng-2:1.6.37-12.el9_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0928",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "java-21-openjdk-1:21.0.10.0.7-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-01-07T00:00:00Z",
    "advisory" : "RHSA-2026:0210",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "libpng-2:1.6.37-12.el9_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0927",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "java-17-openjdk-1:17.0.18.0.8-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-01-22T00:00:00Z",
    "advisory" : "RHSA-2026:0928",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "java-21-openjdk-1:21.0.10.0.7-1.el9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-01-26T00:00:00Z",
    "advisory" : "RHSA-2026:0932",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.482.b08-1.el9"
  }, {
    "product_name" : "Red Hat OpenJDK 11 els for RHEL 7",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0847",
    "cpe" : "cpe:/a:redhat:openjdk_els:11::el7",
    "package" : "java-11-openjdk-1:11.0.30.0.7-1.el7_9"
  }, {
    "product_name" : "Red Hat OpenJDK 11 els for RHEL 8",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0847",
    "cpe" : "cpe:/a:redhat:openjdk_els:11::el8",
    "package" : "java-11-openjdk-1:11.0.30.0.7-1.el8"
  }, {
    "product_name" : "Red Hat OpenJDK 11 els for RHEL 9",
    "release_date" : "2026-01-21T00:00:00Z",
    "advisory" : "RHSA-2026:0847",
    "cpe" : "cpe:/a:redhat:openjdk_els:11::el9",
    "package" : "java-11-openjdk-1:11.0.30.0.7-1.el9"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0414",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-ui-rhel9:sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat build of OpenJDK 11 ELS",
    "fix_state" : "Affected",
    "package_name" : "java-21-openjdk-portable",
    "cpe" : "cpe:/a:redhat:openjdk_els:11"
  }, {
    "product_name" : "Red Hat build of OpenJDK 17",
    "fix_state" : "Affected",
    "package_name" : "java-21-openjdk-portable",
    "cpe" : "cpe:/a:redhat:openjdk:17"
  }, {
    "product_name" : "Red Hat build of OpenJDK 21",
    "fix_state" : "Affected",
    "package_name" : "java-21-openjdk-portable-rhel7",
    "cpe" : "cpe:/a:redhat:openjdk:21"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "libpng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "java-11-openjdk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libpng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libpng12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libpng12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libpng15",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "libpng15",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-65018\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-65018\nhttps://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d\nhttps://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea\nhttps://github.com/pnggroup/libpng/issues/755\nhttps://github.com/pnggroup/libpng/pull/757\nhttps://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g" ],
  "name" : "CVE-2025-65018",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}