RHSA-2026:9255
Vulnerability from csaf_redhat - Published: 2026-04-22 15:44 - Updated: 2026-04-22 19:36Summary
Red Hat Security Advisory: OpenJDK 11.0.31 ELS Security Update for Portable Linux Builds
Severity
Important
Notes
Topic: An update is now available for OpenJDK.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The OpenJDK 11 ELS packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
This release of the Red Hat build of OpenJDK 11 (11.0.31) with Extended Lifecycle Support for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.30) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* JDK: LIBPNG: out-of-bounds read in png_image_read_composite (CVE-2025-66293)
* JDK: LIBPNG: Information disclosure and denial of service via integer
truncation in simplified write API (CVE-2026-22801)
* JDK: LIBPNG: has a heap buffer overflow in png_set_quantize (CVE-2026-25646)
* JDK: GIFLIB: Denial of Service via buffer overflow in EGifGCBToExtension
(CVE-2026-26740)
* JDK: LIBPNG: Arbitrary code execution due to use-after-free vulnerability
(CVE-2026-33416)
* JDK: LIBPNG: Information disclosure and denial of service via out-of-bounds
read/write in Neon palette expansion (CVE-2026-33636)
* JDK: LIBPNG: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* JDK: (CVE-2026-22007)
* JDK: (CVE-2026-22016)
* JDK: (CVE-2026-22013)
* JDK: (CVE-2026-22018)
* JDK: (CVE-2026-22021)
* JDK: (CVE-2026-34268)
* JDK: (CVE-2026-34282)
* JDK: (CVE-2026-23865)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.
7.1 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
No description is available for this CVE.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
No description is available for this CVE.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
No description is available for this CVE.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
No description is available for this CVE.
CWE-125 - Out-of-bounds Read
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
No description is available for this CVE.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.
6.1 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
Workaround
To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.
A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.
6.6 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or denial of service.
5.3 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.
7.0 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
Workaround
To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
7.6 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
No description is available for this CVE.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
No description is available for this CVE.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:9255
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OpenJDK.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenJDK 11 ELS packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.\n\nThis release of the Red Hat build of OpenJDK 11 (11.0.31) with Extended Lifecycle Support for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 (11.0.30) and includes security and bug fixes as well as enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* JDK: LIBPNG: out-of-bounds read in png_image_read_composite (CVE-2025-66293)\n* JDK: LIBPNG: Information disclosure and denial of service via integer\ntruncation in simplified write API (CVE-2026-22801)\n* JDK: LIBPNG: has a heap buffer overflow in png_set_quantize (CVE-2026-25646)\n* JDK: GIFLIB: Denial of Service via buffer overflow in EGifGCBToExtension\n(CVE-2026-26740)\n* JDK: LIBPNG: Arbitrary code execution due to use-after-free vulnerability\n(CVE-2026-33416)\n* JDK: LIBPNG: Information disclosure and denial of service via out-of-bounds\nread/write in Neon palette expansion (CVE-2026-33636)\n* JDK: LIBPNG: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)\n\n* JDK: (CVE-2026-22007)\n* JDK: (CVE-2026-22016)\n* JDK: (CVE-2026-22013)\n* JDK: (CVE-2026-22018)\n* JDK: (CVE-2026-22021)\n* JDK: (CVE-2026-34268)\n* JDK: (CVE-2026-34282)\n* JDK: (CVE-2026-23865)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9255",
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/11/html/release_notes_for_red_hat_build_of_openjdk_11.0.31/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_openjdk/11/html/release_notes_for_red_hat_build_of_openjdk_11.0.31/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9255.json"
}
],
"title": "Red Hat Security Advisory: OpenJDK 11.0.31 ELS Security Update for Portable Linux Builds",
"tracking": {
"current_release_date": "2026-04-22T19:36:04+00:00",
"generator": {
"date": "2026-04-22T19:36:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:9255",
"initial_release_date": "2026-04-22T15:44:55+00:00",
"revision_history": [
{
"date": "2026-04-22T15:44:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-22T15:44:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-22T19:36:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OPENJDK ELS 11.0.31",
"product": {
"name": "OPENJDK ELS 11.0.31",
"product_id": "OPENJDK ELS 11.0.31",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openjdk_els:11"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenJDK"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important as it affects libpng, a widely used library for PNG image processing. The flaw is due to an out-of-bounds read in libpng\u2019s simplified API when handling specially crafted PNG images containing partial transparency and gamma correction data. Successful exploitation could result in information disclosure or cause application crashes in applications processing untrusted PNG content.\n\nFor `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OPENJDK ELS 11.0.31"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
},
{
"cve": "CVE-2026-22007",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460038"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance crypto algorithm support (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22007"
},
{
"category": "external",
"summary": "RHBZ#2460038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460038"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22007"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance crypto algorithm support (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22013",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460040"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Improve Kerberos credentialing (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22013"
},
{
"category": "external",
"summary": "RHBZ#2460040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460040"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22013",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22013"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: OpenJDK: Improve Kerberos credentialing (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22016",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460039"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance Path Factories Redux (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22016"
},
{
"category": "external",
"summary": "RHBZ#2460039",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460039"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22016",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22016"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: OpenJDK: Enhance Path Factories Redux (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22018",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460041"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance Zip file reading (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22018"
},
{
"category": "external",
"summary": "RHBZ#2460041",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460041"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22018"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance Zip file reading (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22021",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460042"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance certificate chain validation (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22021"
},
{
"category": "external",
"summary": "RHBZ#2460042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460042"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22021",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22021"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjdk: OpenJDK: Enhance certificate chain validation (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-22695",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:52.403246+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428825"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for processing PNG (Portable Network Graphics) image files. A local attacker could exploit a heap buffer over-read vulnerability in the `png_image_finish_read` function by tricking a user into processing a specially crafted interlaced 16-bit PNG file with an 8-bit output format and non-minimal row stride. This could lead to a denial of service (DoS) and potentially information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A heap buffer over-read flaw exists in the libpng library when processing specially crafted interlaced 16-bit PNG images with 8-bit output format and non-minimal row stride. This issue requires user interaction, as an attacker would need to trick a user into opening a malicious PNG file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22695"
},
{
"category": "external",
"summary": "RHBZ#2428825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428825"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22695"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2",
"url": "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/778",
"url": "https://github.com/pnggroup/libpng/issues/778"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp"
}
],
"release_date": "2026-01-12T22:55:40.204000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid opening untrusted PNG image files. Applications that process PNG images should be configured to restrict processing of untrusted or unverified content where possible.",
"product_ids": [
"OPENJDK ELS 11.0.31"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read"
},
{
"cve": "CVE-2026-22801",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-01-13T00:08:42.581146+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a reference library for PNG (Portable Network Graphics) raster image files. An integer truncation vulnerability exists in the png_write_image_16bit and png_write_image_8bit simplified write API functions. A local attacker could exploit this flaw by providing a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes, leading to a heap buffer over-read. This can result in information disclosure or a denial of service (DoS) to the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. An integer truncation flaw in the libpng simplified write API functions (`png_write_image_16bit`, `png_write_image_8bit`) can lead to a heap buffer over-read. Exploitation requires an application to process specially crafted input that provides a negative row stride or a stride exceeding 65535 bytes, potentially resulting in denial of service or information disclosure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22801"
},
{
"category": "external",
"summary": "RHBZ#2428824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22801"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8"
}
],
"release_date": "2026-01-12T22:57:58.288000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"OPENJDK ELS 11.0.31"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API"
},
{
"cve": "CVE-2026-23865",
"discovery_date": "2026-03-02T17:01:54.514540+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Freetype. An integer overflow vulnerability exists when processing specially crafted OpenType variable fonts. A local attacker could exploit this by convincing a user to open a malicious font file, which may lead to an out-of-bounds read and potential information disclosure or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Freetype: Freetype: Information disclosure or denial of service via specially crafted font files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a MODERATE impact vulnerability. An integer overflow in the Freetype library can lead to an out-of-bounds read when processing specially crafted OpenType variable fonts. Exploitation requires user interaction, such as opening a malicious font file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23865"
},
{
"category": "external",
"summary": "RHBZ#2443891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23865"
},
{
"category": "external",
"summary": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c",
"url": "https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c"
},
{
"category": "external",
"summary": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/",
"url": "https://sourceforge.net/projects/freetype/files/freetype2/2.14.2/"
},
{
"category": "external",
"summary": "https://www.facebook.com/security/advisories/cve-2026-23865",
"url": "https://www.facebook.com/security/advisories/cve-2026-23865"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-03-02T16:09:42.079000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Freetype: Freetype: Information disclosure or denial of service via specially crafted font files"
},
{
"cve": "CVE-2026-25646",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-02-10T18:01:28.232408+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438542"
}
],
"notes": [
{
"category": "description",
"text": "A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user\u0027s display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25646"
},
{
"category": "external",
"summary": "RHBZ#2438542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25646"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/02/09/7",
"url": "http://www.openwall.com/lists/oss-security/2026/02/09/7"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88",
"url": "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3"
}
],
"release_date": "2026-02-10T17:04:38.501000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OPENJDK ELS 11.0.31"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize"
},
{
"cve": "CVE-2026-26740",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-03-18T19:01:41.415027+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448747"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of service (DoS) on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26740"
},
{
"category": "external",
"summary": "RHBZ#2448747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26740"
},
{
"category": "external",
"summary": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md",
"url": "https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OPENJDK ELS 11.0.31"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"OPENJDK ELS 11.0.31"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"OPENJDK ELS 11.0.31"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
},
{
"cve": "CVE-2026-34268",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460043"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance key generation (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34268"
},
{
"category": "external",
"summary": "RHBZ#2460043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460043"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34268",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34268"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjdk: OpenJDK: Enhance key generation (Oracle CPU 2026-04)"
},
{
"cve": "CVE-2026-34282",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-04-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460044"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: OpenJDK: Enhance TLS connection handling (Oracle CPU 2026-04)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OPENJDK ELS 11.0.31"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34282"
},
{
"category": "external",
"summary": "RHBZ#2460044",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460044"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34282"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixJAVA"
}
],
"release_date": "2026-04-21T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-22T15:44:55+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"OPENJDK ELS 11.0.31"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9255"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OPENJDK ELS 11.0.31"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: OpenJDK: Enhance TLS connection handling (Oracle CPU 2026-04)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…