Oracle Linux: CVE-2026-33636: ELSA-2026-7671: firefox security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:P/I:P/A:C) | Mar 26, 2026 | Apr 22, 2026 | Apr 24, 2026 |
Description
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
Solutions
- oracle-linux-upgrade-firefox
- oracle-linux-upgrade-firefox-x11
- oracle-linux-upgrade-java-25-openjdk
- oracle-linux-upgrade-java-25-openjdk-crypto-adapter
- oracle-linux-upgrade-java-25-openjdk-crypto-adapter-fastdebug
- oracle-linux-upgrade-java-25-openjdk-crypto-adapter-slowdebug
- oracle-linux-upgrade-java-25-openjdk-demo
- oracle-linux-upgrade-java-25-openjdk-demo-fastdebug
- oracle-linux-upgrade-java-25-openjdk-demo-slowdebug
- oracle-linux-upgrade-java-25-openjdk-devel
- oracle-linux-upgrade-java-25-openjdk-devel-fastdebug
- oracle-linux-upgrade-java-25-openjdk-devel-slowdebug
- oracle-linux-upgrade-java-25-openjdk-fastdebug
- oracle-linux-upgrade-java-25-openjdk-headless
- oracle-linux-upgrade-java-25-openjdk-headless-fastdebug
- oracle-linux-upgrade-java-25-openjdk-headless-slowdebug
- oracle-linux-upgrade-java-25-openjdk-javadoc
- oracle-linux-upgrade-java-25-openjdk-javadoc-zip
- oracle-linux-upgrade-java-25-openjdk-jmods
- oracle-linux-upgrade-java-25-openjdk-jmods-fastdebug
- oracle-linux-upgrade-java-25-openjdk-jmods-slowdebug
- oracle-linux-upgrade-java-25-openjdk-slowdebug
- oracle-linux-upgrade-java-25-openjdk-src
- oracle-linux-upgrade-java-25-openjdk-src-fastdebug
- oracle-linux-upgrade-java-25-openjdk-src-slowdebug
- oracle-linux-upgrade-java-25-openjdk-static-libs
- oracle-linux-upgrade-java-25-openjdk-static-libs-fastdebug
- oracle-linux-upgrade-java-25-openjdk-static-libs-slowdebug
- oracle-linux-upgrade-thunderbird