Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4432-1

Опубликовано: 17 дек. 2025
Источник: suse-cvrf

Описание

Security update for libpng12

This update for libpng12 fixes the following issues:

  • CVE-2025-64505: Fixed heap buffer over-read in png_do_quantize via malformed palette index (bsc#1254157)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6
libpng12-0-1.2.57-150000.4.3.1
libpng12-devel-1.2.57-150000.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libpng12-0-1.2.57-150000.4.3.1
libpng12-devel-1.2.57-150000.4.3.1
openSUSE Leap 15.6
libpng12-0-1.2.57-150000.4.3.1
libpng12-0-32bit-1.2.57-150000.4.3.1
libpng12-compat-devel-1.2.57-150000.4.3.1
libpng12-compat-devel-32bit-1.2.57-150000.4.3.1
libpng12-devel-1.2.57-150000.4.3.1
libpng12-devel-32bit-1.2.57-150000.4.3.1

Ссылки

Описание

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng12-0-1.2.57-150000.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libpng12-devel-1.2.57-150000.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng12-0-1.2.57-150000.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libpng12-devel-1.2.57-150000.4.3.1
Ссылки