Amazon Linux 2023 Security Advisory: ALAS2023-2026-1440
Advisory Released Date: 2026-02-18
Advisory Updated Date: 2026-02-18
Severity:
Medium
Issue Overview:
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive (CVE-2025-28162)
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. (CVE-2025-28164)
Affected Packages:
libpng
Issue Correction:
Run dnf update libpng --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1440 --releasever 2023.10.20260216 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
libpng-debugsource-1.6.37-10.amzn2023.0.10.aarch64
libpng-tools-debuginfo-1.6.37-10.amzn2023.0.10.aarch64
libpng-static-1.6.37-10.amzn2023.0.10.aarch64
libpng-debuginfo-1.6.37-10.amzn2023.0.10.aarch64
libpng-tools-1.6.37-10.amzn2023.0.10.aarch64
libpng-devel-debuginfo-1.6.37-10.amzn2023.0.10.aarch64
libpng-1.6.37-10.amzn2023.0.10.aarch64
libpng-devel-1.6.37-10.amzn2023.0.10.aarch64
src:
libpng-1.6.37-10.amzn2023.0.10.src
x86_64:
libpng-debugsource-1.6.37-10.amzn2023.0.10.x86_64
libpng-devel-debuginfo-1.6.37-10.amzn2023.0.10.x86_64
libpng-static-1.6.37-10.amzn2023.0.10.x86_64
libpng-1.6.37-10.amzn2023.0.10.x86_64
libpng-tools-debuginfo-1.6.37-10.amzn2023.0.10.x86_64
libpng-debuginfo-1.6.37-10.amzn2023.0.10.x86_64
libpng-devel-1.6.37-10.amzn2023.0.10.x86_64
libpng-tools-1.6.37-10.amzn2023.0.10.x86_64