Описание
Security update for libpng16
This update for libpng16 fixes the following issues:
- CVE-2025-66293: out-of-bounds read of the
png_sRGB_basearray when processing palette PNG images with partial transparency and gamma correction (bsc#1254480).
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
libpng16-16-1.6.8-15.12.1
libpng16-16-32bit-1.6.8-15.12.1
libpng16-compat-devel-1.6.8-15.12.1
libpng16-devel-1.6.8-15.12.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libpng16-16-1.6.8-15.12.1
libpng16-16-32bit-1.6.8-15.12.1
libpng16-compat-devel-1.6.8-15.12.1
libpng16-devel-1.6.8-15.12.1
Ссылки
- Link for SUSE-SU-2026:0085-1
- E-Mail link for SUSE-SU-2026:0085-1
- SUSE Security Ratings
- SUSE Bug 1254480
- SUSE CVE CVE-2025-66293 page
Описание
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-1.6.8-15.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-16-32bit-1.6.8-15.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-compat-devel-1.6.8-15.12.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libpng16-devel-1.6.8-15.12.1
Ссылки
- CVE-2025-66293
- SUSE Bug 1254480