Description
Security update for libpng16
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in png_combine_row triggered via png_image_finish_read (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in png_image_read_composite (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in png_write_image_8bit with 8-bit input and convert_to_8bit enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in png_image_read_composite via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in png_do_quantize via malformed palette index (bsc#1254157)
Package list
Container suse/sle-micro-rancher/5.2:latest
Container suse/sle-micro/base-5.5:latest
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Manager Proxy LTS 4.3
SUSE Manager Server LTS 4.3
References
- Link for SUSE-SU-2025:4436-1
- E-Mail link for SUSE-SU-2025:4436-1
- SUSE Security Ratings
- SUSE Bug 1254157
- SUSE Bug 1254158
- SUSE Bug 1254159
- SUSE Bug 1254160
- SUSE Bug 1254480
- SUSE CVE CVE-2025-64505 page
- SUSE CVE CVE-2025-64506 page
- SUSE CVE CVE-2025-64720 page
- SUSE CVE CVE-2025-65018 page
- SUSE CVE CVE-2025-66293 page
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.
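As an added example (not part of the advisory and not libpng code), a defensive pre-screen for the malformed input described above: it decodes a non-interlaced palette PNG with the Python standard library and reports pixel indices that have no PLTE entry. The function names and the `make_sample` helper with its tiny test image are constructed for illustration; interlaced files are rejected rather than decoded.

```python
import struct
import zlib

SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, body):
    return struct.pack(f">I4s{len(body)}sI", len(body), ctype, body, zlib.crc32(ctype + body))

def make_sample(rows, ncolors):  # constructed input: 8-bit palette PNG, filter 0 rows
    ihdr = struct.pack(">IIBBBBB", len(rows[0]), len(rows), 8, 3, 0, 0, 0)
    idat = zlib.compress(b"".join(b"\x00" + bytes(r) for r in rows))
    return (SIG + _chunk(b"IHDR", ihdr) + _chunk(b"PLTE", bytes(3 * ncolors))
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))

def _paeth(a, b, c):
    pa, pb, pc = abs(b - c), abs(a - c), abs(a + b - 2 * c)
    return a if pa <= pb and pa <= pc else (b if pb <= pc else c)

def out_of_range_indices(png):
    """Sorted pixel indices that have no PLTE entry (non-interlaced only)."""
    pos, chunks = 8, {}
    while pos + 12 <= len(png):  # concatenate chunk bodies by type
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        chunks[ctype] = chunks.get(ctype, b"") + png[pos + 8:pos + 8 + length]
        pos += 12 + length
    if png[:8] != SIG or len(chunks.get(b"IHDR", b"")) != 13:
        raise ValueError("not a well-formed PNG")
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", chunks[b"IHDR"])
    if colour != 3:
        return []  # not a palette image, nothing to check
    if interlace or depth not in (1, 2, 4, 8) or not width or not height:
        raise ValueError("unsupported layout")
    ncolors, stride = len(chunks.get(b"PLTE", b"")) // 3, (width * depth + 7) // 8
    # Cap the inflated size at what IHDR promises, so a bomb cannot exhaust memory.
    raw = zlib.decompressobj().decompress(chunks.get(b"IDAT", b""), height * (stride + 1))
    prev, bad = bytearray(stride), set()
    for y in range(height):
        line = raw[y * (stride + 1):(y + 1) * (stride + 1)]
        if len(line) != stride + 1 or line[0] > 4:
            raise ValueError("bad scanline")
        row = bytearray(line[1:])
        for i in range(stride):  # undo the row filter (1 byte per pixel unit)
            a, b, c = (row[i - 1], prev[i], prev[i - 1]) if i else (0, prev[i], 0)
            row[i] = (row[i] + (0, a, b, (a + b) // 2, _paeth(a, b, c))[line[0]]) & 0xFF
        for x in range(width):
            idx = (row[x * depth // 8] >> (8 - depth - x * depth % 8)) & ((1 << depth) - 1)
            if idx >= ncolors:
                bad.add(idx)
        prev = row
    return sorted(bad)
```

A check like this is a triage aid for inbound files; the fix for the library itself is the update to 1.6.51 noted above.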
Affected products
References
- CVE-2025-64505
- SUSE Bug 1254157
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.
Affected products
References
- CVE-2025-64506
- SUSE Bug 1254158
Description
unknown
Affected products
References
- CVE-2025-64720
- SUSE Bug 1254159
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.
Affected products
References
- CVE-2025-65018
- SUSE Bug 1254160
Description
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
Affected products
References
- CVE-2025-66293
- SUSE Bug 1254480